Pega: >> Pega Platform >> 7.1.9 Security Vulnerabilities
Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation.
CVSS Score
7.7
EPSS Score
0.001
Published
2024-03-14
Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with editing/rendering user html content.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-03-06
Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director, however this field can only be modified by an authenticated administrative user.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-09-08
Pega platform clients who are using versions 6.1 through 7.3.1 may be
utilizing default credentials
CVSS Score
9.8
EPSS Score
0.002
Published
2023-08-07
Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials.
CVSS Score
8.1
EPSS Score
0.002
Published
2023-06-22
Pega Platform before 8.4.0 has a XSS issue via stream rule parameters used in the request header.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-11-09
Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function.
CVSS Score
8.8
EPSS Score
0.005
Published
2020-04-29
PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database schema information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore, the claim that the CVE was done with a low privilege account is incorrect
CVSS Score
4.3
EPSS Score
0.002
Published
2019-11-26
An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2. A user with developer credentials can insert malicious code (up to 64 characters) into a text field in Designer Studio, after establishing context. Designer Studio is the developer workbench for Pega Platform. That XSS payload will execute when other developers visit the affected pages.
CVSS Score
4.8
EPSS Score
0.003
Published
2018-02-27
Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page; or the (3) pyTableName to the System database schema modification page.
CVSS Score
6.1
EPSS Score
0.022
Published
2017-08-02
Page 1