CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-1298

ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 74.8%

CVSS Severity

CVSS v3 Score 4.3

References

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1310230
https://www.linkedin.com/in/osamay/
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1310230
https://www.linkedin.com/in/osamay/

Products affected by CVE-2023-1298

Servicenow » Servicenow » Version: san_diego

cpe:2.3:a:servicenow:servicenow:san_diego
Servicenow » Servicenow » Version: tokyo

cpe:2.3:a:servicenow:servicenow:tokyo
Servicenow » Servicenow » Version: utah

cpe:2.3:a:servicenow:servicenow:utah

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-1298

Products

Pricing

Contact Us