Unrated severityNVD Advisory· Published Jan 12, 2023· Updated Apr 9, 2025

CVE-2022-42704

Description

A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget.

Affected products

Servicenow/Servicenowcpe-rescue2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)range: Quebec, Rome, San Diego
Cisco Systems, Inc./Cisco Services Portalllm-fuzzy
Range: Quebec, Rome, San Diego

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.servicenow.com/kbmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000