Approved changes feed: RSS · Atom

cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_1:*:*:*:*:*:*

part: a version: rome update: patch_10_hotfix_1

VendorServicenow (0282357a-abe6-5eb0-ac66-0fd9d8780053)
ProductServicenow (b472b3bb-bc45-5baa-a24a-5e671525af9a)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:gitlab/gitlab-com/servicenow purl2cpe 2026-06-01 10:14:20.127060

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2023-1209 vulnerable 2026-06-08 05:52:34.110110 Details available
MEDIUM (4.3)
Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts.
Published: 2023-05-23T16:41:28.194Z
Updated: 2025-01-17T17:45:49.612Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-46886 vulnerable 2026-06-08 05:50:39.696785 Details available
MEDIUM (5.5)
There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain.
Published: 2023-04-14T00:00:00.000Z
Updated: 2025-02-06T21:46:36.801Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-39048 vulnerable 2026-06-08 05:47:17.777672 Cross-Site Scripting (XSS) vulnerability in ServiceNow UI page assessment_redirect
MEDIUM (6.1)
A XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and use of an authenticated user's browser or session to attack other systems.
Published: 2023-04-10T00:00:00.000Z
Updated: 2025-02-07T20:14:00.361Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.