CVE-2022-46389
MEDIUM 6.1
Description
There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This enables an unauthenticated remote attacker to execute arbitrary JavaScript code in the browser-based web console.
CVE Details
CVSS v3.1 score: 6.1
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 4/17/2023
Last modified: 11/21/2024
Source: nvd
Honeypot observations: 0
Affected products
servicenow:servicenow
Weaknesses (CWE)
CWE-79
References
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1272156 (psirt@servicenow.com)
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1272156 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.