Medium severity4.3NVD Advisory· Published Dec 2, 2024· Updated Apr 15, 2026

CVE-2024-5890

Description

ServiceNow has addressed an HTML injection vulnerability that was identified in the Now Platform. This vulnerability could potentially enable an unauthenticated user to modify a web page or redirect users to another website.

ServiceNow released updates to customers that addressed this vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance(s) as soon as possible.

Affected products

Servicenow/Now Platformllm-fuzzy

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.servicenow.com/kbnvd

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000