Reflected XSS at https://██████/
Medium
Vulnerability Details
**Description:**
There exists a reflected XSS within the logout functionality of ServiceNow. This enables an unauthenticated remote attacker to execute arbitrary JavaScript.
## References
* https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1156793
## Impact
An attacker can steal cookies, leading to account takeover.
## System Host(s)
█████
## Affected Product(s) and Version(s)
## CVE Numbers
CVE-2022-38463
## Steps to Reproduce
1. Go to https://████/logout_redirect.do?sysparm_url=//j%5c%5cjavascript%3aalert(document.domain)
2. You will see an alert box like this.
███████
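
A defender-side check for the request in step 1, added here as an example (not part of the original report or ServiceNow's code): it scans web access logs for `/logout_redirect.do` requests whose `sysparm_url` decodes to a value containing a `javascript:` URI. The combined-log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (addresses, timestamps and sizes are placeholders).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Sep/2022:10:00:01 +0000] "GET /logout_redirect.do?sysparm_url=//j%5c%5cjavascript%3aalert(document.domain) HTTP/1.1" 200 512',
    '198.51.100.8 - - [01/Sep/2022:10:00:05 +0000] "GET /logout_redirect.do?sysparm_url=/home HTTP/1.1" 200 498',
    # Same value as line 1, percent-encoded twice, to exercise the repeated decoding.
    '198.51.100.9 - - [01/Sep/2022:10:00:09 +0000] "GET /logout_redirect.do?sysparm_url=%252F%252Fj%255c%255cjavascript%253aalert(document.domain) HTTP/1.1" 200 512',
    # Different endpoint: out of scope for this rule.
    '198.51.100.9 - - [01/Sep/2022:10:00:12 +0000] "GET /other_page.do?sysparm_url=javascript%3a1 HTTP/1.1" 200 100',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
ENDPOINT = "/logout_redirect.do"  # path from the report
PARAM = "sysparm_url"             # parameter from the report


def normalize(value, max_rounds=3):
    """Percent-decode until stable, then drop whitespace/control chars and lowercase."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return re.sub(r"[\x00-\x20]", "", value).lower()


def suspicious_redirects(lines):
    """Return (line_number, normalized_value) for logout redirects carrying a javascript: URI."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.lower().endswith(ENDPOINT):
            continue
        # parse_qs performs the first round of percent-decoding.
        for raw in parse_qs(target.query, keep_blank_values=True).get(PARAM, []):
            value = normalize(raw)
            # Match the scheme anywhere: in the reported request it follows "//j\\".
            if "javascript:" in value:
                hits.append((number, value))
    return hits


if __name__ == "__main__":
    for number, value in suspicious_redirects(SAMPLE_LOG):
        print(f"line {number}: {PARAM} -> {value}")
```

Matching the scheme anywhere in the value favours recall, so expect to triage occasional hits where `javascript:` appears inside a legitimate redirect's own query string.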
## Suggested Mitigation/Remediation Actions
## Report Stats
- Report ID: 1681178
- State: Closed
- Substate: resolved
- Upvotes: 7