153 matches found
ServiceNow - Cross-Site Scripting
ServiceNow through San Diego Patch 4b and Patch 6 contains a cross-site scripting vulnerability in the logout functionality, which can enable an unauthenticated remote attacker to execute arbitrary JavaScript. id: CVE-2022-38463 info: name: ServiceNow - Cross-Site Scripting author: amanrawat...
ServiceNow - Cross-site Scripting
An XSS vulnerability was identified in the ServiceNow UI page assessmentredirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks,...
ServiceNow UI Macros - Template Injection
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted...
ServiceNow - Incomplete Input Validation
ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addresse...
CVE-2019-20768
ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparm_item_guid and sys_id parameters in an Incident Request to service_catalog.do...
CVE-2025-62607 Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL
Nautobot Single Source of Truth (SSoT) is an app for Nautobot. Prior to version 3.10.0, an unauthenticated attacker could access this page to view the Service Now public instance name (e.g. companyname.service-now.com). This is considered low-value information. This does not expose the Secret, the...
CVE-2025-11450
creationtimestamp | type | source
---|---|---
2025-10-10 09:43:33+00:00 | seen | https://t.me/GithubRedTeam/54899
2025-10-10 13:01:03+00:00 | seen | https://cyber.gc.ca/en/alerts-advisories/servicenow-security-advisory-av25-655
2025-10-11 19:50:49+00:00 | published-proof-of-concept | ...
PT-2025-41500
Name of the Vulnerable Software and Affected Versions: ServiceNow (affected versions not specified). Description: A reflected cross-site scripting issue exists in the ServiceNow AI Platform. Successful exploitation could allow for the execution of arbitrary code within the browsers of ServiceNow users...
EUVD-2023-23488
Malicious code in bioql PyPI...
EUVD-2023-23561
Malicious code in bioql PyPI...
EUVD-2022-49666
Malicious code in bioql PyPI...
EUVD-2022-49198
Malicious code in bioql PyPI...
EUVD-2023-41405
Malicious code in bioql PyPI...
nautobot-chatops (>=1.6.0 <=1.7.1), nautobot-chatops-arista-cloudvision (>=1.0.1 <=1.3.0) +7 more potentially affected by CVE-2025-49142 via nautobot (>=1.0.3 <=1.5.16)
nautobot PYPI version =1.0.3, =1.6.0, =1.0.1, =1.1.0, =0.9.2, =1.5.0, =0.9.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2025-49142 Source advisory: OSV:GHSA-WJW6-95H5-4JPX...
CVE-2022-42704
A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget...
CVE-2022-46886
There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain...
ServiceNow SAML Single Sign-On Bypass
ServiceNow enables a page named side_door.do by default so that users can bypass the Single Sign-On (SSO) feature and still access their ServiceNow instance in case of issues. No source data...
New Attacks Exploit Year-Old ServiceNow Flaws – Israel Hit Hardest
Article updated with a statement from ServiceNow...
CVE-2025-0337
ServiceNow has addressed an authorization bypass vulnerability that was identified in the Washington release of the Now Platform. This vulnerability, if exploited, potentially could enable an authenticated user to access unauthorized data stored within the Now Platform that the user otherwise wou...
CVE-2025-0337 Authorization bypass in Now Platform
ServiceNow has addressed an authorization bypass vulnerability that was identified in the Washington release of the Now Platform. This vulnerability, if exploited, potentially could enable an authenticated user to access unauthorized data stored within the Now Platform that the user otherwise wou...