Vulnerability Details CVE-2022-42704
A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.7%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2022-42704
-
cpe:2.3:a:servicenow:servicenow:quebec
-
cpe:2.3:a:servicenow:servicenow:rome
-
cpe:2.3:a:servicenow:servicenow:san_diego