Loading
Generated remediation guidance and an executive summary. No account required.
ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparm_item_guid and sys_id parameters in an Incident Request to service_catalog.do.
Use CWE-79, Servicenow vendor hub and It Service Management product page to widen CVE-2019-20768 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2018-8720 for nearby disclosures in the same product family.