CVE-2024-5890

MEDIUM

ServiceNow Now Platform < Utah Patch 8 Hot Fix 1, < Vancouver Patch 10, < Washington DC Early Access - HTML Injection

Title source: llm
STIX 2.1

Description

ServiceNow has addressed an HTML injection vulnerability that was identified in the Now Platform. This vulnerability could potentially enable an unauthenticated user to modify a web page or redirect users to another website. ServiceNow released updates to customers that addressed this vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance(s) as soon as possible.

References (1)

Core 1

Scores

CVSS v3 4.3
EPSS 0.0030
EPSS Percentile 21.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (4)
ServiceNow/Now Platform < Utah Patch 8 Hot Fix 1
ServiceNow/Now Platform < Vancouver Patch 10
ServiceNow/Now Platform < Vancouver Patch 9
ServiceNow/Now Platform < Washington DC Early Access
Published Dec 02, 2024
Tracked Since Feb 18, 2026