4 matches found
ServiceNow - Cross-Site Scripting
ServiceNow through San Diego Patch 4b and Patch 6 contains a cross-site scripting vulnerability in the logout functionality, which can enable an unauthenticated remote attacker to execute arbitrary JavaScript. id: CVE-2022-38463 info: name: ServiceNow - Cross-Site Scripting author: amanrawat...
U.S. Dept Of Defense: XSS in ServiceNow logout https://████:443
An XSS vulnerability was discovered in ServiceNow logout, allowing an unauthenticated remote attacker to execute code in the user's browser context by clicking on a malicious link. The vulnerability was present in ServiceNow versions prior to SanDiego SP6 and has been assigned CVE-2022-38463...
U.S. Dept Of Defense: XSS DUE TO CVE-2022-38463 in https://████████
Description: During my research, I found one of the host running ServiceNow vulnerable to CVE-2022-38463 . ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality. Impact Attacker is able to steal victims cookies, redirect victim to attacker controlled...
U.S. Dept Of Defense: Reflected XSS at https://██████/
A reflected XSS vulnerability was discovered in the logout functionality of ServiceNow, allowing an unauthenticated remote attacker to execute arbitrary JavaScript code...