ServiceNow San Diego Patch 10 Hotfix 2
Approved changes feed: RSS · Atom
cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_2:*:*:*:*:*:*
part: a version: rome update: patch_10_hotfix_2
| Vendor | Servicenow (0282357a-abe6-5eb0-ac66-0fd9d8780053) |
|---|---|
| Product | Servicenow (b472b3bb-bc45-5baa-a24a-5e671525af9a) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:gitlab/gitlab-com/servicenow |
purl2cpe | 2026-06-01 10:14:20.127061 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-1209 |
vulnerable | 2026-06-08 05:52:34.110740 |
Details available
MEDIUM (4.3)
Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts.
Published: 2023-05-23T16:41:28.194Z
Updated: 2025-01-17T17:45:49.612Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-46886 |
vulnerable | 2026-06-08 05:50:39.697342 |
Details available
MEDIUM (5.5)
There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain.
Published: 2023-04-14T00:00:00.000Z
Updated: 2025-02-06T21:46:36.801Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-39048 |
vulnerable | 2026-06-08 05:47:17.778268 |
Cross-Site Scripting (XSS) vulnerability in ServiceNow UI page assessment_redirect
MEDIUM (6.1)
A XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and use of an authenticated user's browser or session to attack other systems.
Published: 2023-04-10T00:00:00.000Z
Updated: 2025-02-07T20:14:00.361Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.