Cross-Site Scripting (XSS) vulnerability in ServiceNow UI page assessment_redirect
CVE-2022-39048

6.1MEDIUM

Key Information:

Vendor: Servicenow
Status: Now Platform
Vendor: CVE Published:; 10 April 2023

What is CVE-2022-39048?

A XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and use of an authenticated user's browser or session to attack other systems.

Affected Version(s)

Now Platform Tokyo

Now Platform San Diego

Now Platform Rome

References

https://support.servicenow.com/

https://support.servicenow.com/kb?id=kb_article_view&sysp...

EPSS Score

15% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 10, 2023
Vulnerability Reserved
Aug 31, 2022

Credit

theamanrawat

Servicenow