Vulnerabilities > Servicenow > IT Service Management > madrid
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-05 | CVE-2019-20768 | Cross-site Scripting vulnerability in Servicenow IT Service Management Kingston/London/Madrid ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparm_item_guid and sys_id parameters in an Incident Request to service_catalog.do. | 5.4 |