Arbitrary Web Script Injection Vulnerability in ServiceNow Employee Service Center and Service Portal

CVE-2022-42704 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget.
