ServiceNow Advisories

CVE-2023-3442

Missing Authorization in Jenkins plug-in for ServiceNow DevOps

CVE-2023-3414

Cross-Site Request Forgery (CSRF) in Jenkins Plug-in for ServiceNow DevOps

CVE-2023-1298

ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the ServiceNow Polaris ...

CVE-2023-1209

Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts.

CVE-2022-46389

Cross-Site Scripting (XSS) vulnerability found on logout functionality

CVE-2022-46886

There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when ...

CVE-2022-39048

Cross-Site Scripting (XSS) vulnerability in ServiceNow UI page assessment_redirect