CVE-2022-42704

Sažetak

A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget.

Reference

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1216141
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1216141

CVSS

Base:	5.4
Impact:	2.7
Exploitability:	2.3

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

09-04-2025 - 14:15

Objavljeno

13-01-2023 - 00:15