CVE-2022-46389 Information

Description

A reflected XSS vulnerability exists in the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This enables an unauthenticated remote attacker to execute arbitrary JavaScript code in the browser-based web console.

Reference

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1272156
