
CVSS: 5.4 • EPSS: 0% • CPEs: 66 • EXPL: 1

05 May 2020 — ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparm_item_guid and sys_id parameters in an Incident Request to service_catalog.do. • https://outpost24.com/blog/Responsible-disclosure-Multiple-stored-XSS-vulnerabilities-discovered-in-ServiceNow-ITSM • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')