CVE-2022-39048

high-risk
Published 2023-04-10

A XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and use of an authenticated user's browser or session to attack other systems.

Do I need to act?

!
24.7% chance of exploitation in next 30 days
EPSS score — higher than 75% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10 Medium
NETWORK / LOW complexity

Affected Products (20)

Affected Vendors

Servicenow

References (4)

https://support.servicenow.com/
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1221892
https://support.servicenow.com/
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1221892
64
/ 100
high-risk
Severity 23/34 · High
Exploitability 15/34 · Moderate
Exposure 26/34 · High