Cross-Site Scripting Vulnerability in ServiceNow ITSM Product
CVE-2018-8720

5.4 MEDIUM

Key Information:

Vendor: ServiceNow
CVE Published: 15 March 2018

What is CVE-2018-8720?

This cross-site scripting vulnerability allows an attacker to execute arbitrary JavaScript in the context of a user's session through the First Name or Last Name fields in the My Profile section, or through the Search bar within My Portal. Successful exploitation could lead to unauthorized access to sensitive information or to actions performed on behalf of the user. Proper input validation and sanitization are necessary to mitigate the risks associated with such vulnerabilities.

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
