Reflected Cross-Site Scripting Vulnerability in ServiceNow Polaris Layout
CVE-2023-1298

6.1MEDIUM

Key Information:

Vendor: Servicenow
Status: Now User Experience
Vendor: CVE Published:; 6 July 2023

What is CVE-2023-1298?

A reflected cross-site scripting vulnerability has been identified in the ServiceNow Polaris Layout, allowing authenticated users to inject arbitrary scripts. This security flaw can potentially be exploited to manipulate web content and execute malicious scripts in the user's context, posing significant security risks. Upgrades and patches have been released by ServiceNow to mitigate this issue. Users are advised to apply these updates to enhance security and protect against potential exploits.

Affected Version(s)

Now User Experience 0

References

https://support.servicenow.com/kb?id=kb_article_view&sysp...

vendor-advisory

https://www.linkedin.com/in/osamay/

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 6, 2023
Vulnerability Reserved
Mar 9, 2023

Credit

Osama Yousef