Lucene search
K
PegaPlatform

8 matches found

CVE
CVE
added 2020/08/13 12:30 p.m.48 views

CVE-2019-16374

Vulnerability: Pega Platform 8.2.1 exposes an LDAP injection via usernames that can contain a * and be of unlimited length, enabling bypass of access control. Root cause (per sources): The username field allows a star character and unbounded length, which an attacker can exploit by supplying four...

9.8CVSS9.4AI score0.01876EPSS
CVE
CVE
added 2024/01/31 5:21 p.m.45 views

CVE-2023-50165

CVE-2023-50165 affects Pega Platform versions 8.2.1 to Infinity 23.1.0. The issue arises in PDF generation, potentially exposing contents of documents. Impact is described as high confidentiality risk; no exploitation details are provided in the documents. Current connected sources do not specify...

8.6CVSS8.4AI score0.00338EPSS
CVE
CVE
added 2024/01/31 5:26 p.m.45 views

CVE-2023-50166

Pega Platform versions 8.5.4–8.8.3 are affected by an input validation XSS vulnerability triggered by a redirect parameter, exploitable by an unauthenticated user. Affected component/area: Pega Platform runtime handling of redirect parameters. Reported impact is cross-site scripting with potentia...

6.1CVSS6AI score0.00336EPSS
CVE
CVE
added 2023/10/18 11:42 a.m.44 views

CVE-2023-32088

CVE-2023-32088 affects Pegasystems Pega Platform versions 8.1 to Infinity 23.1.0 and is an XSS issue triggered during ad-hoc case creation. The entry documents the affected component (Pega Platform) and the vulnerability class (XSS) but does not disclose a concrete root cause, exploit details, or...

6.1CVSS5.9AI score0.00298EPSS
CVE
CVE
added 2020/04/29 3:50 p.m.43 views

CVE-2020-8775

Pega Platform before version 8.2.6 is affected by a Stored Cross‑Site Scripting (XSS) vulnerability in the Comments tab. Root cause noted in CNVD as lack of proper validation of client‑side data in the WEB application, enabling execution of client‑side code. Affected product is Pegasystem Pega Pl...

8.9CVSS6.9AI score0.00839EPSS
CVE
CVE
added 2023/10/18 11:45 a.m.42 views

CVE-2023-32089

Pega Platform (versions 8.1–8.8.2) is affected by a cross-site scripting (XSS) issue in the Pin description. The RISK and root cause are described across multiple connected sources (e.g., Red Hat, CNNVD, PrIon, PT- Security), consistently listing XSS as the vulnerability class and the deprecated/...

6.1CVSS5.9AI score0.00298EPSS
CVE
CVE
added 2020/04/29 2:24 p.m.39 views

CVE-2020-8773

The CVE-2020-8773 entry affects Pegasystem’s Pega Platform Richtext Editor prior to version 8.2.6, with a Stored Cross-Site Scripting (XSS) vulnerability. The CNVD entry attributes the issue to a lack of proper client-side data validation, and Red Hat/CNVD/NVD references confirm the same flaw. CV...

8.9CVSS7.2AI score0.0083EPSS
CVE
CVE
added 2023/10/18 11:39 a.m.38 views

CVE-2023-32087

CVE-2023-32087 affects Pegasystem PEGA Platform versions 8.1 to Infinity 23.1.0, with a cross-site scripting (XSS) vulnerability during task creation. The issue is documented across multiple sources (NVD, Red Hat, PRION, CVE lists, CNNVD) and is described as an XSS in the task creation flow. The ...

6.1CVSS5.9AI score0.00298EPSS