Vulnerabilities > Servicenow > IT Service Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-05 | CVE-2019-20768 | Cross-site Scripting vulnerability in Servicenow IT Service Management Kingston/London/Madrid ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparm_item_guid and sys_id parameters in an Incident Request to service_catalog.do. | 5.4 |
| 2018-03-15 | CVE-2018-8720 | Cross-site Scripting vulnerability in Servicenow IT Service Management ServiceNow ITSM 2016-06-02 has XSS via the First Name or Last Name field of My Profile (aka navpage.do), or the Search bar of My Portal (aka search_results.do). | 5.4 |