Lucene search

K
hackeroneShuvam321H1:1681208
HistoryAug 26, 2022 - 11:00 a.m.

U.S. Dept Of Defense: XSS DUE TO CVE-2022-38463 in https://████████

2022-08-2611:00:51
shuvam321
hackerone.com
86

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

46.0%

Description:
During my research, I found one of the host running ServiceNow vulnerable to CVE-2022-38463 . ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality.

Impact

Attacker is able to steal victims cookies, redirect victim to attacker controlled domain, and perform various malicious activities.

System Host(s)

███

Affected Product(s) and Version(s)

CVE Numbers

Steps to Reproduce

1.Enter the following crafted URL in any web-browser.

https://█████████/logout_redirect.do?sysparm_url=//j\\javascript%3Aalert(document.domain)

  1. XSS will be triggered.

Suggested Mitigation/Remediation Actions

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

46.0%

Related for H1:1681208