XSS Vulnerability in ServiceNow Performance Analytics Dashboard
CVE-2022-38172

6.1MEDIUM

Key Information:

Vendor: Servicenow
Status: Servicenow
Vendor: CVE Published:; 23 August 2022

What is CVE-2022-38172?

A vulnerability in ServiceNow allows for cross-site scripting (XSS) attacks through user input in the name field when creating new dashboards in the Performance Analytics module. This security flaw can lead to unauthorized script execution in the context of the application's users, potentially compromising sensitive data and user sessions. Proper sanitization and validation of user inputs is crucial to mitigate this risk.

References

https://support.servicenow.com/kb?id=kb_article_view&sysp...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 23, 2022
Vulnerability Reserved
Aug 12, 2022

Servicenow

What is CVE-2022-38172?

References

CVSS V3.1

Timeline