8 matches found
CVE-2019-16374
Vulnerability: Pega Platform 8.2.1 exposes an LDAP injection via usernames that can contain a * and be of unlimited length, enabling bypass of access control. Root cause (per sources): The username field allows a star character and unbounded length, which an attacker can exploit by supplying four...
CVE-2023-50165
CVE-2023-50165 affects Pega Platform versions 8.2.1 to Infinity 23.1.0. The issue arises in PDF generation, potentially exposing contents of documents. Impact is described as high confidentiality risk; no exploitation details are provided in the documents. Current connected sources do not specify...
CVE-2023-50166
Pega Platform versions 8.5.4–8.8.3 are affected by an input validation XSS vulnerability triggered by a redirect parameter, exploitable by an unauthenticated user. Affected component/area: Pega Platform runtime handling of redirect parameters. Reported impact is cross-site scripting with potentia...
CVE-2023-32088
CVE-2023-32088 affects Pegasystems Pega Platform versions 8.1 to Infinity 23.1.0 and is an XSS issue triggered during ad-hoc case creation. The entry documents the affected component (Pega Platform) and the vulnerability class (XSS) but does not disclose a concrete root cause, exploit details, or...
CVE-2020-8775
Pega Platform before version 8.2.6 is affected by a Stored Cross‑Site Scripting (XSS) vulnerability in the Comments tab. Root cause noted in CNVD as lack of proper validation of client‑side data in the WEB application, enabling execution of client‑side code. Affected product is Pegasystem Pega Pl...
CVE-2023-32089
Pega Platform (versions 8.1–8.8.2) is affected by a cross-site scripting (XSS) issue in the Pin description. The RISK and root cause are described across multiple connected sources (e.g., Red Hat, CNNVD, PrIon, PT- Security), consistently listing XSS as the vulnerability class and the deprecated/...
CVE-2020-8773
The CVE-2020-8773 entry affects Pegasystem’s Pega Platform Richtext Editor prior to version 8.2.6, with a Stored Cross-Site Scripting (XSS) vulnerability. The CNVD entry attributes the issue to a lack of proper client-side data validation, and Red Hat/CNVD/NVD references confirm the same flaw. CV...
CVE-2023-32087
CVE-2023-32087 affects Pegasystem PEGA Platform versions 8.1 to Infinity 23.1.0, with a cross-site scripting (XSS) vulnerability during task creation. The issue is documented across multiple sources (NVD, Red Hat, PRION, CVE lists, CNNVD) and is described as an XSS in the task creation flow. The ...