ServiceNow IT Service Management Kingston through Patch... · CVE-2019-20768 · GitHub Advisory Database · GitHub

ServiceNow IT Service Management Kingston through Patch...

Low severity Unreviewed Published May 24, 2022 to the GitHub Advisory Database • Updated Jan 29, 2023

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparm_item_guid and sys_id parameters in an Incident Request to service_catalog.do.

References

Published by the National Vulnerability Database

May 5, 2020

Published to the GitHub Advisory Database May 24, 2022

Last updated Jan 29, 2023