XSS DUE TO CVE-2022-38463 in https://████████

**Description:** During my research, I found one of the host running ServiceNow vulnerable to CVE-2022-38463 . ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality. ## Impact Attacker is able to steal victims cookies, redirect victim to attacker controlled domain, and perform various malicious activities. ## System Host(s) ███ ## Affected Product(s) and Version(s) ## CVE Numbers ## Steps to Reproduce 1.Enter the following crafted URL in any web-browser. https://█████████/logout_redirect.do?sysparm_url=//j%5c%5cjavascript%3aalert(document.domain) 2. XSS will be triggered. ## Suggested Mitigation/Remediation Actions