Lucene search
HistoryAug 23, 2022 - 7:15 p.m.
CVE-2022-38463
servicenow
san diego
patch
reflected xss
logout
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.002
Percentile
54.7%
ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality.
Affected configurations
Node
servicenowservicenowMatchsan_diegopatch_4
ORservicenowservicenowMatchsan_diegopatch_4a
ORservicenowservicenowMatchsan_diegopatch_6
| Vendor | Product | Version | CPE |
|---|---|---|---|
| servicenow | servicenow | san_diego | cpe:2.3:a:servicenow:servicenow:san_diego:patch_4:*:*:*:*:*:* |
| servicenow | servicenow | san_diego | cpe:2.3:a:servicenow:servicenow:san_diego:patch_4a:*:*:*:*:*:* |
| servicenow | servicenow | san_diego | cpe:2.3:a:servicenow:servicenow:san_diego:patch_6:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2022-38463
2022-08-23 18:07:57
prion
prion
Cross site scripting
2022-08-23 19:15:00
hackerone
hackerone
U.S. Dept Of Defense: Reflected XSS at https://██████/
2022-08-26 10:08:17
U.S. Dept Of Defense: XSS DUE TO CVE-2022-38463 in https://████████
2022-08-26 11:00:51
U.S. Dept Of Defense: XSS in ServiceNow logout https://████:443
2022-09-14 10:48:09
nuclei
nuclei
ServiceNow - Cross-Site Scripting
2022-08-25 14:42:25
cve
cve
CVE-2022-38463
2022-08-23 19:15:09
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.002
Percentile
54.7%
Related for NVD:CVE-2022-38463