ServiceNow AI Platform Reflected Cross-Site Scripting Vulnerability
Vulnerability
A reflected cross-site scripting vulnerability has been identified in the ServiceNow AI Platform. This issue allows for arbitrary code execution in the browsers of users who click on a specially crafted link. ServiceNow has deployed security updates to most hosted instances and has made updates available for self-hosted customers, partners, and those with unique configurations. Customers are advised to apply the relevant updates or upgrades promptly.
Impact
Successful exploitation of this reflected cross-site scripting vulnerability allows arbitrary code execution in the context of the user's browser.
Remediation
ServiceNow has released patches and hot fixes for this vulnerability. Hosted customers should refer to KB2552796 for guidance, while self-hosted customers can consult KB2552837. Specific patch details can be found in the ServiceNow knowledge base article KB2552817.
