CVE-2023-1298
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
06/07/2023
Last modified:
17/12/2024
Description
ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts.<br />
Impact
Base Score 3.x
4.30
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:servicenow:servicenow:san_diego:patch_1:*:*:*:*:*:* | ||
| cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1:*:*:*:*:*:* | ||
| cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1a:*:*:*:*:*:* | ||
| cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1b:*:*:*:*:*:* | ||
| cpe:2.3:a:servicenow:servicenow:san_diego:patch_2:*:*:*:*:*:* | ||
| cpe:2.3:a:servicenow:servicenow:san_diego:patch_2_hotfix_1:*:*:*:*:*:* | ||
| cpe:2.3:a:servicenow:servicenow:san_diego:patch_3:*:*:*:*:*:* | ||
| cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_1:*:*:*:*:*:* | ||
| cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_2:*:*:*:*:*:* | ||
| cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_3:*:*:*:*:*:* | ||
| cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_4:*:*:*:*:*:* | ||
| cpe:2.3:a:servicenow:servicenow:san_diego:patch_4:*:*:*:*:*:* | ||
| cpe:2.3:a:servicenow:servicenow:san_diego:patch_4a:*:*:*:*:*:* | ||
| cpe:2.3:a:servicenow:servicenow:san_diego:patch_4b:*:*:*:*:*:* | ||
| cpe:2.3:a:servicenow:servicenow:san_diego:patch_5:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page