Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackeroneColemanjH1:1699855
HistorySep 14, 2022 - 10:48 a.m.

U.S. Dept Of Defense: XSS in ServiceNow logout https://████:443

2022-09-1410:48:09
colemanj
hackerone.com
15
dept of defense
servicenow
xss
logout
remote attacker
code execution
user's browser context
unauthenticated
malicious link
sandiego sp6
cve-2022-38463
patched version
upgrade
bugbounty

0.002 Low

EPSS

Percentile

54.9%

JSON

Description:
XSS in ServiceNow logout
https://██████:443/logout_redirect.do?sysparm_url=//j\\javascript%3Aalert(document.domain)

References

https://nvd.nist.gov/vuln/detail/CVE-2022-38463

Impact

Unauthenticated remote attacker can execute code in user’s browser context. User must click on malicious link

System Host(s)

███████

Affected Product(s) and Version(s)

Servicenow prior to SanDiego SP6

CVE Numbers

CVE-2022-38463

Steps to Reproduce

Click on https://█████:443/logout_redirect.do?sysparm_url=//j\\javascript%3Aalert(document.domain)

Suggested Mitigation/Remediation Actions

Upgrade to patched version of ServiceNow

Related

cvelist 1
hackerone 2
prion 1
nvd 1
cve 1
nuclei 1
cvelist
cvelist
CVE-2022-38463
2022-08-23 18:07:57
hackerone
hackerone
U.S. Dept Of Defense: Reflected XSS at https://██████/
2022-08-26 10:08:17
U.S. Dept Of Defense: XSS DUE TO CVE-2022-38463 in https://████████
2022-08-26 11:00:51
prion
prion
Cross site scripting
2022-08-23 19:15:00
nvd
nvd
CVE-2022-38463
2022-08-23 19:15:09
cve
cve
CVE-2022-38463
2022-08-23 19:15:09
nuclei
nuclei
ServiceNow - Cross-Site Scripting
2022-08-25 14:42:25

0.002 Low

EPSS

Percentile

54.9%

JSON
Related for H1:1699855
cvelist1hackerone2prion1nvd1cve1nuclei1