CVE-2019-20768

Exploit

EPSS 0.21%
Veröffentlicht 05.05.2020 22:15:12
Zuletzt bearbeitet 21.11.2024 04:39:18
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparm_item_guid and sys_id parameters in an Incident Request to service_catalog.do.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Servicenow ≫ It Service Management Versionkingston Update-

Servicenow ≫ It Service Management Versionkingston Updatepatch_1

Servicenow ≫ It Service Management Versionkingston Updatepatch_10

Servicenow ≫ It Service Management Versionkingston Updatepatch_10-1

Servicenow ≫ It Service Management Versionkingston Updatepatch_10-2

Servicenow ≫ It Service Management Versionkingston Updatepatch_11

Servicenow ≫ It Service Management Versionkingston Updatepatch_12

Servicenow ≫ It Service Management Versionkingston Updatepatch_12-1

Servicenow ≫ It Service Management Versionkingston Updatepatch_12-2

Servicenow ≫ It Service Management Versionkingston Updatepatch_13

Servicenow ≫ It Service Management Versionkingston Updatepatch_14

Servicenow ≫ It Service Management Versionkingston Updatepatch_14-1

Servicenow ≫ It Service Management Versionkingston Updatepatch_2

Servicenow ≫ It Service Management Versionkingston Updatepatch_3

Servicenow ≫ It Service Management Versionkingston Updatepatch_3-1

Servicenow ≫ It Service Management Versionkingston Updatepatch_3-2

Servicenow ≫ It Service Management Versionkingston Updatepatch_3a-1

Servicenow ≫ It Service Management Versionkingston Updatepatch_4

Servicenow ≫ It Service Management Versionkingston Updatepatch_4-1

Servicenow ≫ It Service Management Versionkingston Updatepatch_4-2

Servicenow ≫ It Service Management Versionkingston Updatepatch_4-4

Servicenow ≫ It Service Management Versionkingston Updatepatch_5

Servicenow ≫ It Service Management Versionkingston Updatepatch_6

Servicenow ≫ It Service Management Versionkingston Updatepatch_6-1

Servicenow ≫ It Service Management Versionkingston Updatepatch_6-2

Servicenow ≫ It Service Management Versionkingston Updatepatch_6-3

Servicenow ≫ It Service Management Versionkingston Updatepatch_6-5

Servicenow ≫ It Service Management Versionkingston Updatepatch_7

Servicenow ≫ It Service Management Versionkingston Updatepatch_7-1

Servicenow ≫ It Service Management Versionkingston Updatepatch_8

Servicenow ≫ It Service Management Versionkingston Updatepatch_8-1

Servicenow ≫ It Service Management Versionkingston Updatepatch_9

Servicenow ≫ It Service Management Versionlondon Update-

Servicenow ≫ It Service Management Versionlondon Updatepatch_1

Servicenow ≫ It Service Management Versionlondon Updatepatch_1-2

Servicenow ≫ It Service Management Versionlondon Updatepatch_1-3

Servicenow ≫ It Service Management Versionlondon Updatepatch_2

Servicenow ≫ It Service Management Versionlondon Updatepatch_2-2

Servicenow ≫ It Service Management Versionlondon Updatepatch_2-4

Servicenow ≫ It Service Management Versionlondon Updatepatch_2-5

Servicenow ≫ It Service Management Versionlondon Updatepatch_3

Servicenow ≫ It Service Management Versionlondon Updatepatch_3-3

Servicenow ≫ It Service Management Versionlondon Updatepatch_3-4

Servicenow ≫ It Service Management Versionlondon Updatepatch_4

Servicenow ≫ It Service Management Versionlondon Updatepatch_4-1

Servicenow ≫ It Service Management Versionlondon Updatepatch_4-2

Servicenow ≫ It Service Management Versionlondon Updatepatch_4-3

Servicenow ≫ It Service Management Versionlondon Updatepatch_4-4

Servicenow ≫ It Service Management Versionlondon Updatepatch_4-5

Servicenow ≫ It Service Management Versionlondon Updatepatch_4-6

Servicenow ≫ It Service Management Versionlondon Updatepatch_5

Servicenow ≫ It Service Management Versionlondon Updatepatch_5-1

Servicenow ≫ It Service Management Versionlondon Updatepatch_6

Servicenow ≫ It Service Management Versionlondon Updatepatch_6-1

Servicenow ≫ It Service Management Versionlondon Updatepatch_6a-1

Servicenow ≫ It Service Management Versionlondon Updatepatch_6b-1

Servicenow ≫ It Service Management Versionlondon Updatepatch_7

Servicenow ≫ It Service Management Versionmadrid Update-

Servicenow ≫ It Service Management Versionmadrid Updatepatch_0-1

Servicenow ≫ It Service Management Versionmadrid Updatepatch_1

Servicenow ≫ It Service Management Versionmadrid Updatepatch_1-1

Servicenow ≫ It Service Management Versionmadrid Updatepatch_1-2

Servicenow ≫ It Service Management Versionmadrid Updatepatch_2

Servicenow ≫ It Service Management Versionmadrid Updatepatch_3

Servicenow ≫ It Service Management Versionmadrid Updatepatch_3-1

Servicenow ≫ It Service Management Versionmadrid Updatepatch_3-2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.428

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://outpost24.com/blog/Responsible-disclosure-Multiple-stored-XSS-vulnerabilities-discovered-in-ServiceNow-ITSM

Third Party Advisory

Exploit

https://outpost24.com/blog?tags=307

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-20768

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-20768

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-20768

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-20768