CVE-2023-1298 MEDIUM

CVE-2023-1298

Vendor Servicenow
Product Now User Experience
Weakness CWE-79 · XSS
Published July 6, 2023
Last update October 21, 2024
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts.

Key dates

02Disclosure timeline

July 6, 2023 CVE published
October 21, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-0282 Kashipara Food Management System addmaterialsubmit.php cross site scripting CVE-2022-23133 Stored XSS in host groups configuration window in Zabbix Frontend CVE-2021-21079 Adobe Connect Reflected Cross-site Scripting via archiveOffset parameter CVE-2024-44064 WordPress Like Button Rating LikeBtn plugin <= 2.6.53 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2023-43647 baserCMS Cross-site Scripting vulnerability in File upload Feature