Описание
A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:servicenow:servicenow:quebec:*:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:*:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:san_diego:*:*:*:*:*:*:*
EPSS
Процентиль: 44%
0.00216
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
около 3 лет назад
A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget.
EPSS
Процентиль: 44%
0.00216
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79