CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-20768

MEDIUM
5.4
CVSS Severity Score
EPSS Score0.0110%
EPSS Percentile40.87th
Published2020年5月5日
Last Modified2024年11月21日

Vulnerability Description

ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparm_item_guid and sys_id parameters in an Incident Request to service_catalog.do.

Affected Platforms (CPE)

📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= kingston
📦
Servicenow

It Service Management

= london
📦
Servicenow

It Service Management

= london
📦
Servicenow

It Service Management

= london
📦
Servicenow

It Service Management

= london
📦
Servicenow

It Service Management

= london
📦
Servicenow

It Service Management

= london
📦
Servicenow

It Service Management

= london
📦
Servicenow

It Service Management

= london
📦
Servicenow

It Service Management

= london
📦
Servicenow

It Service Management

= london
📦
Servicenow

It Service Management

= london
📦
Servicenow

It Service Management

= london
📦
Servicenow

It Service Management

= london
📦
Servicenow

It Service Management

= london
📦
Servicenow

It Service Management

= london
📦
Servicenow

It Service Management

= london
📦
Servicenow

It Service Management

= london
📦
Servicenow

It Service Management

= london
📦
Servicenow

It Service Management

= london
📦
Servicenow

It Service Management

= london
📦
Servicenow

It Service Management

= london
📦
Servicenow

It Service Management

= london
📦
Servicenow

It Service Management

= london
📦
Servicenow

It Service Management

= london
📦
Servicenow

It Service Management

= london
📦
Servicenow

It Service Management

= madrid
📦
Servicenow

It Service Management

= madrid
📦
Servicenow

It Service Management

= madrid
📦
Servicenow

It Service Management

= madrid
📦
Servicenow

It Service Management

= madrid
📦
Servicenow

It Service Management

= madrid
📦
Servicenow

It Service Management

= madrid
📦
Servicenow

It Service Management

= madrid
📦
Servicenow

It Service Management

= madrid

References & Advisories

🔗 https://outpost24.com/blog/Responsible-disclosure-Multiple-stored-XSS-vulnerabilities-discovered-in-ServiceNow-ITSM
🔗 https://outpost24.com/blog?tags=307
🔗 https://outpost24.com/blog/Responsible-disclosure-Multiple-stored-XSS-vulnerabilities-discovered-in-ServiceNow-ITSM
🔗 https://outpost24.com/blog?tags=307

相关漏洞威胁

CVE-2019-1664910.0

On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual med...

CVE-2019-1665010.0

On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same ...

CVE-2019-1264310.0

A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote a...

CVE-2020-1184410.0

Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Ma...