CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50167
https://notcve.org/view.php?id=CVE-2023-50167
Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with editing/rendering user html content. Pega Platform de 7.1.7 a 23.1.1 se ve afectada por un problema XSS con la edición/presentación de contenido html del usuario. • https://support.pega.com/support-doc/pega-security-advisory-i23-vulnerability-remediation-note • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4843
https://notcve.org/view.php?id=CVE-2023-4843
Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director, however this field can only be modified by an authenticated administrative user. Las versiones 7.1 a 8.8.3 de Pega Platform se ven afectadas por un problema de Inyección HTML con un campo de nombre utilizado en Visual Business Director, sin embargo, este campo solo puede ser modificado por un usuario administrativo autenticado. • https://support.pega.com/support-doc/pega-security-advisory-%E2%80%93-d23-vulnerability-remediation-note? • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32090
https://notcve.org/view.php?id=CVE-2023-32090
Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials • https://support.pega.com/support-doc/pega-security-advisory-%E2%80%93-c23-vulnerability-default-operators • CWE-287: Improper Authentication CWE-1393: Use of Default Password •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28094
https://notcve.org/view.php?id=CVE-2023-28094
Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials. • https://support.pega.com/support-doc/pega-security-advisory-%E2%80%93-c23-vulnerability-default-operators? • CWE-1393: Use of Default Password •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26465
https://notcve.org/view.php?id=CVE-2023-26465
Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue. Las versiones 7.2 a 8.8.1 de Pega Platform están afectadas por un problema de Cross-Site Scripting (XSS). • https://support.pega.com/support-doc/pega-security-advisory-a23-vulnerability-remediation-note • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •