ServiceNow - Cross-Site Scripting

ServiceNow through San Diego Patch 4b and Patch 6 contains a cross-site scripting vulnerability in the logout functionality, which can enable an unauthenticated remote attacker to execute arbitrary JavaScript. id: CVE-2022-38463 info: name: ServiceNow - Cross-Site Scripting author: amanrawat...

U.S. Dept Of Defense: XSS DUE TO CVE-2022-38463 in https://████████

Description: During my research, I found one of the host running ServiceNow vulnerable to CVE-2022-38463 . ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality. Impact Attacker is able to steal victims cookies, redirect victim to attacker controlled...

Cross site scripting

ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality...

Hardware encryption doesn't work on tape operations after update to 9.5 Patch 4b

Challenge After you update to patch 4b 9.5.4.2866, you may face the following encryption-related issues during the backup and restore procedures. Restore from tape backups made in the previous product versions with enabled hardware encryption may fail with the following error message: 11.07.2019...