cbcvebase.
CVE-2022-46389
published 2023-04-17

CVE-2022-46389: There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego…

PriorityP427medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.60%
44.0th percentile
There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This enables an unauthenticated remote attacker to execute arbitrary JavaScript code in the browser-based web console.

Affected

10 ranges
VendorProductVersion rangeFixed in
servicenownow_platform>= Quebec < Patch 10 Hotfix 11bPatch 10 Hotfix 11b
servicenownow_platform>= Rome < Patch 10 Hotfix 3bPatch 10 Hotfix 3b
servicenownow_platform>= San Diego < Patch 9Patch 9
servicenownow_platform>= Tokyo < Patch 4Patch 4
servicenownow_platform>= Utah < GAGA
servicenowservicenow
servicenowservicenow
servicenowservicenow
servicenowservicenow
servicenowservicenow
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.