Lucene search

[email protected]NVD:CVE-2022-38172

HistoryAug 23, 2022 - 7:15 p.m.

CVE-2022-38172

2022-08-2319:15:09

CWE-79

[email protected]

web.nvd.nist.gov

servicenow

san diego

patch 3

xss

vulnerability

performance analytics

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

31.3%

JSON

ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard.

Affected configurations

NVD

Node

servicenowservicenowMatchsan_diegopatch_1

servicenowservicenowMatchsan_diegopatch_1_hotfix_1

servicenowservicenowMatchsan_diegopatch_1_hotfix_1a

servicenowservicenowMatchsan_diegopatch_1_hotfix_1b

servicenowservicenowMatchsan_diegopatch_2

servicenowservicenowMatchsan_diegopatch_2_hotfix_1

servicenowservicenowMatchsan_diegopatch_3

References

support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1122640

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

31.3%

JSON

Related for NVD:CVE-2022-38172

cvelist1 prion1 cve1