cbcvebase.
CVE-2023-1209
published 2023-05-23

CVE-2023-1209: Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts.

PriorityP423medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.38%
29.5th percentile
Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts.

Affected

10 ranges
VendorProductVersion rangeFixed in
servicenowservicenow
servicenowservicenow
servicenowservicenow
servicenowservicenow
servicenowservicenow_records< Tokyo Patch 5Tokyo Patch 5
servicenowservicenow_records< Tokyo Patch 4aTokyo Patch 4a
servicenowservicenow_records< San Diego Patch 10San Diego Patch 10
servicenowservicenow_records< San Diego Patch 9aSan Diego Patch 9a
servicenowservicenow_records< Rome Patch 10 Hot Fix 4bRome Patch 10 Hot Fix 4b
servicenowservicenow_records< Utah Patch 1Utah Patch 1
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.