CVE-2023-1298
Summary
ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts.
Description
ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts.
Severity
4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
Affected Versions
This vulnerability is present in the following Affected Product(s) listed below.
Affected Product(s) |
---|
cpe:2.3:a:servicenow:servicenow:san_diego:patch_3:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_2_hotfix_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_2:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1b:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1a:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_6:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_4:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_4a:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_2:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_3:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_4:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_4b:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_7:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_8:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:-:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_7b:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_5:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_1a:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_1b:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_2:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_3:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_1_hotfix_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_2_hotfix_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_2_hotfix_2:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_2_hotfix_3:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_2_hotfix_4:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_3_hotfix_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_3_hotfix_2:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_3_hotfix_3:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_3_hotfix_4:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_4:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_9:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_7a:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_7_hotfix_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_7_hotfix_2:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_7_hottix_3:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_8_hotfix_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_8_hotfix_2:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:utah:patch1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_4_hotfix_2:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_4_hotfix_3:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_4a:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_4a_hotfix_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_5:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_5_hotfix_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_5_hotfix_2:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:tokyo:patch_5_hotfix_3:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_9a:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_9a_hotfix_1:*:*:*:*:*:* |
cpe:2.3:a:servicenow:servicenow:san_diego:patch_9b:*:*:*:*:*:* |
References
- https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1310230
- https://www.linkedin.com/in/osamay/
Change History
Date | Note |
---|---|
2023-07-06 | Initial publication |
2023-07-07 | Last updated |