CVE-2024-5890 - HTML Injection in the Assessment Plugin

ServiceNow Posture
December, 2024

Description

ServiceNow has addressed an HTML injection vulnerability that was identified in the Now Platform. This vulnerability could potentially enable an unauthenticated user to modify a web page or redirect users to another website.

Resolution

ServiceNow released updates (listed below) to customers that addressed this vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance(s) as soon as possible.

Release       Fixed Version
Utah          Utah Patch 8 Hot Fix 1
Vancouver     Vancouver Patch 10
              Vancouver Patch 9
Washington    Washington DC Early Access

Additional Resources

For more details, please see the following resource:
https://www.cve.org/CVERecord?id=CVE-2024-5890

Change Log

Version    Published           Summary of Changes
1.0        December 2, 2024    Initial publication