Arbitrary Web Script Injection Vulnerability in ServiceNow Employee Service Center and Service Portal
CVE-2022-42704 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget.
Learn more about our Web App Pen Testing.