MEDIUM: 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Default status: unaffected
Any version before San Diego Patch 10: affected
Any version before Tokyo Patch 4b: affected
Any version before Tokyo Patch 6: affected
Any version before Utah Patch 1: affected
Description
ServiceNow has released upgrades and patches that address a Reflected Cross-Site Scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts.
Problem types
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Credits
Osama Yousef
References
support.servicenow.com/...cle_view&sysparm_article=KB1310230