A reflected cross-site scripting (XSS) vulnerability exists in the logout functionality of ServiceNow versions earlier than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. It enables an unauthenticated remote attacker to execute arbitrary JavaScript code in the browser-based web console.
Use CWE-79, the ServiceNow vendor hub and the ServiceNow product page to widen CVE-2022-46389 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2024-4879, CVE-2024-5217 and CVE-2022-43684 for nearby disclosures in the same product family.