6.1

CVE-2022-39048

A XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and use of an authenticated user's browser or session to attack other systems.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ServicenowServicenow Versionquebec Update-
ServicenowServicenow Versionquebec Updatepatch_10
ServicenowServicenow Versionrome Updatepatch_1
ServicenowServicenow Versionrome Updatepatch_1_hotfix_1
ServicenowServicenow Versionrome Updatepatch_1_hotfix_1b
ServicenowServicenow Versionrome Updatepatch_1_hotfix_2
ServicenowServicenow Versionrome Updatepatch_1_hotfix_3
ServicenowServicenow Versionrome Updatepatch_10
ServicenowServicenow Versionrome Updatepatch_10_hotfix_1
ServicenowServicenow Versionrome Updatepatch_10_hotfix_2
ServicenowServicenow Versionrome Updatepatch_10_hotfix_2a
ServicenowServicenow Versionrome Updatepatch_2
ServicenowServicenow Versionrome Updatepatch_2_hotfix_1
ServicenowServicenow Versionrome Updatepatch_2_hotfix_2
ServicenowServicenow Versionrome Updatepatch_3
ServicenowServicenow Versionrome Updatepatch_3_hotfix_1
ServicenowServicenow Versionrome Updatepatch_4
ServicenowServicenow Versionrome Updatepatch_4_hotfix_1
ServicenowServicenow Versionrome Updatepatch_4_hotfix_1a
ServicenowServicenow Versionrome Updatepatch_4_hotfix_1b
ServicenowServicenow Versionrome Updatepatch_5
ServicenowServicenow Versionrome Updatepatch_5_hotfix_1
ServicenowServicenow Versionrome Updatepatch_5_hotfix_2
ServicenowServicenow Versionrome Updatepatch_6
ServicenowServicenow Versionrome Updatepatch_6_hotfix_1
ServicenowServicenow Versionrome Updatepatch_6_hotfix_2
ServicenowServicenow Versionrome Updatepatch_7
ServicenowServicenow Versionrome Updatepatch_7_hotfix_1
ServicenowServicenow Versionrome Updatepatch_7a
ServicenowServicenow Versionrome Updatepatch_7b
ServicenowServicenow Versionrome Updatepatch_8
ServicenowServicenow Versionrome Updatepatch_8_hotfix_1
ServicenowServicenow Versionrome Updatepatch_8_hotfix_2
ServicenowServicenow Versionrome Updatepatch_9
ServicenowServicenow Versionrome Updatepatch_9_hotfix_1
ServicenowServicenow Versionrome Updatepatch_9a
ServicenowServicenow Versionrome Updatepatch_9b
ServicenowServicenow Versionsan_diego Updatepatch_1
ServicenowServicenow Versionsan_diego Updatepatch_1_hotfix_1
ServicenowServicenow Versionsan_diego Updatepatch_1_hotfix_1a
ServicenowServicenow Versionsan_diego Updatepatch_1_hotfix_1b
ServicenowServicenow Versionsan_diego Updatepatch_2
ServicenowServicenow Versionsan_diego Updatepatch_2_hotfix_1
ServicenowServicenow Versionsan_diego Updatepatch_3
ServicenowServicenow Versionsan_diego Updatepatch_3_hotfix_1
ServicenowServicenow Versionsan_diego Updatepatch_3_hotfix_2
ServicenowServicenow Versionsan_diego Updatepatch_3_hotfix_3
ServicenowServicenow Versionsan_diego Updatepatch_3_hotfix_4
ServicenowServicenow Versionsan_diego Updatepatch_4
ServicenowServicenow Versionsan_diego Updatepatch_4a
ServicenowServicenow Versionsan_diego Updatepatch_4b
ServicenowServicenow Versionsan_diego Updatepatch_6
ServicenowServicenow Versionsan_diego Updatepatch_7
ServicenowServicenow Versionsan_diego Updatepatch_8
ServicenowServicenow Versiontokyo Update-
ServicenowServicenow Versiontokyo Updatepatch1
ServicenowServicenow Versionutah Update-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 20.22% 0.954
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
psirt@servicenow.com 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.