Lucene search

[email protected]CVE-2022-38172

HistoryAug 23, 2022 - 7:15 p.m.

CVE-2022-38172

2022-08-2319:15:09

CWE-79

[email protected]

web.nvd.nist.gov

servicenow

san diego

patch 3

xss

name field

performance analytics

dashboard

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

31.5%

JSON

ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard.

Affected configurations

NVD

Node

servicenowservicenowMatchsan_diegopatch_1

servicenowservicenowMatchsan_diegopatch_1_hotfix_1

servicenowservicenowMatchsan_diegopatch_1_hotfix_1a

servicenowservicenowMatchsan_diegopatch_1_hotfix_1b

servicenowservicenowMatchsan_diegopatch_2

servicenowservicenowMatchsan_diegopatch_2_hotfix_1

servicenowservicenowMatchsan_diegopatch_3

CPENameOperatorVersion
servicenow:servicenowservicenoweqsan_diego

CPE	Name	Operator	Version
servicenow:servicenow	servicenow	eq	san_diego

References

support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1122640

Social References

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

31.5%

JSON

Related for CVE-2022-38172

cvelist1 nvd1 prion1