Lucene search

[email protected]NVD:CVE-2023-1298

HistoryJul 06, 2023 - 6:15 p.m.

CVE-2023-1298

2023-07-0618:15:10

CWE-79

[email protected]

web.nvd.nist.gov

servicenow

xss

vulnerability

patched

upgrade

arbitrary scripts

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.1%

JSON

ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts.

Affected configurations

NVD

Node

servicenowservicenowMatchsan_diegopatch_1

servicenowservicenowMatchsan_diegopatch_1_hotfix_1

servicenowservicenowMatchsan_diegopatch_1_hotfix_1a

servicenowservicenowMatchsan_diegopatch_1_hotfix_1b

servicenowservicenowMatchsan_diegopatch_2

servicenowservicenowMatchsan_diegopatch_2_hotfix_1

servicenowservicenowMatchsan_diegopatch_3

servicenowservicenowMatchsan_diegopatch_3_hotfix_1

servicenowservicenowMatchsan_diegopatch_3_hotfix_2

servicenowservicenowMatchsan_diegopatch_3_hotfix_3

servicenowservicenowMatchsan_diegopatch_3_hotfix_4

servicenowservicenowMatchsan_diegopatch_4

servicenowservicenowMatchsan_diegopatch_4a

servicenowservicenowMatchsan_diegopatch_4b

servicenowservicenowMatchsan_diegopatch_5

servicenowservicenowMatchsan_diegopatch_6

servicenowservicenowMatchsan_diegopatch_7

servicenowservicenowMatchsan_diegopatch_7_hotfix_1

servicenowservicenowMatchsan_diegopatch_7_hotfix_2

servicenowservicenowMatchsan_diegopatch_7_hottix_3

servicenowservicenowMatchsan_diegopatch_7a

servicenowservicenowMatchsan_diegopatch_7b

servicenowservicenowMatchsan_diegopatch_8

servicenowservicenowMatchsan_diegopatch_8_hotfix_1

servicenowservicenowMatchsan_diegopatch_8_hotfix_2

servicenowservicenowMatchsan_diegopatch_9

servicenowservicenowMatchsan_diegopatch_9a

servicenowservicenowMatchsan_diegopatch_9a_hotfix_1

servicenowservicenowMatchsan_diegopatch_9b

servicenowservicenowMatchtokyo-

servicenowservicenowMatchtokyopatch_1

servicenowservicenowMatchtokyopatch_1_hotfix_1

servicenowservicenowMatchtokyopatch_1a

servicenowservicenowMatchtokyopatch_1b

servicenowservicenowMatchtokyopatch_2

servicenowservicenowMatchtokyopatch_2_hotfix_1

servicenowservicenowMatchtokyopatch_2_hotfix_2

servicenowservicenowMatchtokyopatch_2_hotfix_3

servicenowservicenowMatchtokyopatch_2_hotfix_4

servicenowservicenowMatchtokyopatch_3

servicenowservicenowMatchtokyopatch_3_hotfix_1

servicenowservicenowMatchtokyopatch_3_hotfix_2

servicenowservicenowMatchtokyopatch_3_hotfix_3

servicenowservicenowMatchtokyopatch_3_hotfix_4

servicenowservicenowMatchtokyopatch_4

servicenowservicenowMatchtokyopatch_4_hotfix_2

servicenowservicenowMatchtokyopatch_4_hotfix_3

servicenowservicenowMatchtokyopatch_4a

servicenowservicenowMatchtokyopatch_4a_hotfix_1

servicenowservicenowMatchtokyopatch_5

servicenowservicenowMatchtokyopatch_5_hotfix_1

servicenowservicenowMatchtokyopatch_5_hotfix_2

servicenowservicenowMatchtokyopatch_5_hotfix_3

servicenowservicenowMatchutahpatch1

References

support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1310230

www.linkedin.com/in/osamay/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.1%

JSON

Related for NVD:CVE-2023-1298

cvelist1 prion1 cve1