Unrated severityNVD Advisory· Published Apr 17, 2023· Updated Feb 6, 2025

Cross-Site Scripting (XSS) vulnerability found on logout functionality

CVE-2022-46389

Description

There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This enables an unauthenticated remote attacker to execute arbitrary JavaScript code in the browser-based web console.

Affected products

Servicenow/Now Platformv5
Range: Quebec

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.servicenow.com/kbmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000