Update CVE-2022-38463.yaml

patch-1
Ritik Chaddha 2022-08-25 20:36:51 +05:30 committed by GitHub
parent 4d86d4554d
commit 546d97be20
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 18 additions and 2 deletions

View File

@ -1,13 +1,20 @@
id: CVE-2022-38463
info:
name: rXSS ServiceNow
name: ServiceNow - Cross Site Scripting
author: amanrawat
severity: medium
description: |
There exists a reflected XSS within the logout functionality of ServiceNow. This enables an unauthenticated remote attacker to execute arbitrary JavaScript.
reference:
- https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1156793
- https://nvd.nist.gov/vuln/detail/CVE-2022-38463
classification:
cve-id: CVE-2022-38463
metadata:
verified: true
shodan-query: http.title:"ServiceNow"
tags: servicenow,xss
requests:
- method: GET
@ -20,3 +27,12 @@ requests:
part: body
words:
- "top.location.href = 'javascript:alert(document.domain)';"
- type: word
part: header
words:
- text/html
- type: status
status:
- 200