Cross-Site Scripting (XSS) vulnerability in ServiceNow UI page assessment_redirect
CVE-2022-39048

6.1MEDIUM

Key Information:

Vendor: Servicenow
Status: Now Platform
Vendor: CVE Published:; 10 April 2023

What is CVE-2022-39048?

A XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and use of an authenticated user's browser or session to attack other systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Now Platform Tokyo

Now Platform San Diego

Now Platform Rome

References

https://support.servicenow.com/

https://support.servicenow.com/kb?id=kb_article_view&sysp...

EPSS Score

20% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 10, 2023
Vulnerability Reserved
Aug 31, 2022

Credit

theamanrawat

JSON

Servicenow