Lucene search
K

4 matches found

Nuclei
Nuclei
added yesterday104 views

ServiceNow - Cross-Site Scripting

ServiceNow through San Diego Patch 4b and Patch 6 contains a cross-site scripting vulnerability in the logout functionality, which can enable an unauthenticated remote attacker to execute arbitrary JavaScript. id: CVE-2022-38463 info: name: ServiceNow - Cross-Site Scripting author: amanrawat...

6.1CVSS6.6AI score0.02258EPSS
Exploits0References5
Hacker One
Hacker One
added 2022/09/14 10:48 a.m.34 views

U.S. Dept Of Defense: XSS in ServiceNow logout https://████:443

An XSS vulnerability was discovered in ServiceNow logout, allowing an unauthenticated remote attacker to execute code in the user's browser context by clicking on a malicious link. The vulnerability was present in ServiceNow versions prior to SanDiego SP6 and has been assigned CVE-2022-38463...

6.1CVSS6.2AI score0.02258EPSS
Exploits0
Hacker One
Hacker One
added 2022/08/26 11:0 a.m.122 views

U.S. Dept Of Defense: XSS DUE TO CVE-2022-38463 in https://████████

Description: During my research, I found one of the host running ServiceNow vulnerable to CVE-2022-38463 . ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality. Impact Attacker is able to steal victims cookies, redirect victim to attacker controlled...

5.8CVSS1.6AI score0.02258EPSS
Exploits0
Hacker One
Hacker One
added 2022/08/26 10:8 a.m.22 views

U.S. Dept Of Defense: Reflected XSS at https://██████/

A reflected XSS vulnerability was discovered in the logout functionality of ServiceNow, allowing an unauthenticated remote attacker to execute arbitrary JavaScript code...

6.1CVSS6.3AI score0.02258EPSS
Exploits0
Rows per page
Query Builder