CVE-2022-46389
published 2023-04-17CVE-2022-46389: There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego…
PriorityP427medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.60%
44.0th percentile
There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This enables an unauthenticated remote attacker to execute arbitrary JavaScript code in the browser-based web console.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| servicenow | now_platform | >= Quebec < Patch 10 Hotfix 11b | Patch 10 Hotfix 11b |
| servicenow | now_platform | >= Rome < Patch 10 Hotfix 3b | Patch 10 Hotfix 3b |
| servicenow | now_platform | >= San Diego < Patch 9 | Patch 9 |
| servicenow | now_platform | >= Tokyo < Patch 4 | Patch 4 |
| servicenow | now_platform | >= Utah < GA | GA |
| servicenow | servicenow | — | — |
| servicenow | servicenow | — | — |
| servicenow | servicenow | — | — |
| servicenow | servicenow | — | — |
| servicenow | servicenow | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-04-17
Published