CVE-2023-1209

PUBLISHED

Summary

Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts.

Description

Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts.

Severity

4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

Affected Versions

This vulnerability is present in the following Affected Product(s) listed below.

Affected Product(s)
cpe:2.3:a:servicenow:servicenow:san_diego:patch_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:san_diego:patch_2_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:san_diego:patch_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:san_diego:patch_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:san_diego:patch_6:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:san_diego:patch_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:san_diego:patch_4a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_3_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_5:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_5_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_5_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_6:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_6_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_6_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_7_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_7a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_7b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_8:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_8_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_8_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_9:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_9a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_9b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_9_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_10:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_2a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:san_diego:patch_7:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:san_diego:patch_8:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:tokyo:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:san_diego:patch_7b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:san_diego:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:tokyo:patch_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:tokyo:patch_1b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:tokyo:patch_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:tokyo:patch_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:tokyo:patch_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_2b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_3b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:tokyo:patch_1_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:tokyo:patch_2_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:tokyo:patch_2_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:tokyo:patch_2_hotfix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:tokyo:patch_2_hotfix_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:tokyo:patch_3_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:tokyo:patch_3_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:tokyo:patch_3_hotfix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:tokyo:patch_3_hotfix_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:tokyo:patch_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:san_diego:patch_9:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:san_diego:patch_7a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:san_diego:patch_7_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:san_diego:patch_7_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:san_diego:patch_7_hottix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:san_diego:patch_8_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:san_diego:patch_8_hotfix_2:*:*:*:*:*:*

References

Change History

Date Note
2023-05-23 Initial publication
2023-05-23 Last updated