Lucene search
HistoryJan 13, 2023 - 12:15 a.m.
CVE-2022-42704
cve-2022-42704
cross-site scripting
xss
employee service center
service portal
servicenow
quebec
rome
san diego
nvd
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
26.2%
A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget.
Affected configurations
Node
servicenowservicenowMatchquebec
ORservicenowservicenowMatchrome
ORservicenowservicenowMatchromepatch_1
ORservicenowservicenowMatchromepatch_2
ORservicenowservicenowMatchromepatch_3
ORservicenowservicenowMatchromepatch_4
ORservicenowservicenowMatchsan_diego
| CPE | Name | Operator | Version |
|---|---|---|---|
| servicenow:servicenow | servicenow | eq | quebec |
| servicenow:servicenow | servicenow | eq | rome |
| servicenow:servicenow | servicenow | eq | san_diego |
Related
prion
prion
Cross site scripting
2023-01-13 00:15:00
cvelist
cvelist
CVE-2022-42704
2023-01-12 00:00:00
nvd
nvd
CVE-2022-42704
2023-01-13 00:15:09
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
26.2%
Related for CVE-2022-42704