CVE-2022-38463

UNKNOWN
Published 2022-08-23T18:07:57

No CVSS data available

Description

ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality.

Available Exploits

ServiceNow - Cross-Site Scripting

ServiceNow through San Diego Patch 4b and Patch 6 contains a cross-site scripting vulnerability in the logout functionality, which can enable an unauthenticated remote attacker to execute arbitrary JavaScript.

ID: CVE-2022-38463
Author: amanrawat Medium

GitHub Security Advisories

⚠ Unreviewed MODERATE

GHSA-xx2g-w5xg-2w3f

Advisory Details

ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality.

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Advisory provided by GitHub Security Advisory Database. Published: August 24, 2022, Modified: August 27, 2022

HackerOne Reports

testingforbugs | U.S. Dept Of Defense | Cross-site Scripting (XSS) - Reflected
shuvam321 | U.S. Dept Of Defense | Cross-site Scripting (XSS) - Reflected
colemanj | U.S. Dept Of Defense | Cross-site Scripting (XSS) - Reflected
Last Modified: 2024-08-03T10:54:03.697Z