79 matches found
ServiceNow - Cross-Site Scripting
ServiceNow through San Diego Patch 4b and Patch 6 contains a cross-site scripting vulnerability in the logout functionality, which can enable an unauthenticated remote attacker to execute arbitrary JavaScript. id: CVE-2022-38463 info: name: ServiceNow - Cross-Site Scripting author: amanrawat...
CVE-2022-38463
ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality...
EUVD-2022-40768
Malicious code in bioql PyPI...
CVE-2022-38172
ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard...
san-diego-theater.com Cross Site Scripting vulnerability OBB-3876002
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
virtualtours.sandiegorealestatephotography.com Cross Site Scripting vulnerability OBB-3848039
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
sandiegoflowerdelivery.net Cross Site Scripting vulnerability OBB-3655350
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
sandiegofamilymedicine.com Cross Site Scripting vulnerability OBB-3655349
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
himalayangrillsandiego.com Cross Site Scripting vulnerability OBB-3614402
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
san-diego-theater.com Cross Site Scripting vulnerability OBB-3564392
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-43684
ServiceNow has released patches and an upgrade that address an Access Control List ACL bypass issue in ServiceNow Core functionality. Additional Details This issue is present in the following supported ServiceNow releases: Quebec prior to Patch 10 Hot Fix 8b Rome prior to Patch 10 Hot Fix 1 San...
ServiceNow 安全漏洞
ServiceNow is a cloud computing platform from US-based ServiceNow, Inc. to help companies manage the digital workflow of their business operations. A security vulnerability exists in multiple ServiceNow products that stems from the presence of incorrect access control. The following products and...
PT-2023-14286 · Servicenow · Servicenow
Name of the Vulnerable Software and Affected Versions: ServiceNow versions Quebec prior to Patch 10 Hot Fix 8b ServiceNow versions Rome prior to Patch 10 Hot Fix 1 ServiceNow versions San Diego prior to Patch 7 ServiceNow versions Tokyo prior to Tokyo Patch 1 ServiceNow versions Utah prior to Uta...
sandiegocprclasses.com Cross Site Scripting vulnerability OBB-3322325
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2023-14925 · Servicenow · Servicenow
Name of the Vulnerable Software and Affected Versions: ServiceNow versions prior to Quebec Patch 10 Hotfix 11b ServiceNow versions prior to Rome Patch 10 Hotfix 3b ServiceNow versions prior to San Diego Patch 9 ServiceNow versions prior to Tokyo Patch 4 ServiceNow versions prior to Utah GA...
sandiegocprclasses.com Cross Site Scripting vulnerability OBB-3228518
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ServiceNow San Diego Patch和Rome Patch 跨站脚本漏洞
ServiceNow San Diego Patch and ServiceNow Rome Patch are both products of ServiceNow, Inc.ServiceNow San Diego Patch is a series of patches.ServiceNow Rome Patch is an application patch. ServiceNow San Diego Patch and Rome Patch have a security vulnerability that stems from the presence of...
CVE-2022-42704
CVE-2022-42704 is a cross-site scripting (XSS) vulnerability in ServiceNow’s Employee Service Center (ESC) and Service Portal (SP) affecting Quebec through San Diego releases. The issue allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget, with impac...
PT-2023-14143 · Servicenow · Servicenow
Name of the Vulnerable Software and Affected Versions: ServiceNow versions Quebec through San Diego Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget in the Employee Service Center and Service Portal...
CVE-2022-42704
A cross-site scripting XSS vulnerability in Employee Service Center esc and Service Portal sp in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget...