Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Pega_platform
(Pega)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 16 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-06-09 | CVE-2023-26465 | Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue. | Pega_platform | 6.1 | ||
| 2022-08-22 | CVE-2022-35654 | Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. | Pega_platform | 6.1 | ||
| 2022-08-22 | CVE-2022-35655 | Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting. | Pega_platform | 6.1 | ||
| 2022-08-22 | CVE-2022-35656 | Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly. | Pega_platform | 4.5 | ||
| 2021-04-12 | CVE-2020-15390 | pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration that leads to an improper access control vulnerability via =GetWebInfo. | Pega_platform | 9.8 | ||
| 2020-12-15 | CVE-2020-23957 | Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI. | Pega_platform | 6.1 | ||
| 2020-11-09 | CVE-2020-24353 | Pega Platform before 8.4.0 has a XSS issue via stream rule parameters used in the request header. | Pega_platform | 6.1 | ||
| 2018-02-27 | CVE-2017-17478 | An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2. A user with developer credentials can insert malicious code (up to 64 characters) into a text field in Designer Studio, after establishing context. Designer Studio is the developer workbench for Pega Platform. That XSS payload will execute when other developers visit the affected pages. | Pega_platform | 4.8 | ||
| 2017-08-02 | CVE-2017-11356 | The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by leveraging a missing access control. | Pega_platform | 6.5 | ||
| 2017-08-02 | CVE-2017-11355 | Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page; or the (3) pyTableName to the System database schema modification page. | Pega_platform | 6.1 |