Servicenow: >> It Service Management Security Vulnerabilities
ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparm_item_guid and sys_id parameters in an Incident Request to service_catalog.do.
CVSS Score
5.4
EPSS Score
0.004
Published
2020-05-05
ServiceNow ITSM 2016-06-02 has XSS via the First Name or Last Name field of My Profile (aka navpage.do), or the Search bar of My Portal (aka search_results.do).
CVSS Score
5.4
EPSS Score
0.002
Published
2018-03-15