
CVE-2023-50166
https://notcve.org/view.php?id=CVE-2023-50166
31 Jan 2024 — Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. • https://support.pega.com/support-doc/pega-security-advisory-h23-vulnerability-remediation-note • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-50165
https://notcve.org/view.php?id=CVE-2023-50165
31 Jan 2024 — Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by a Generated PDF issue that could expose file contents. • https://support.pega.com/support-doc/pega-security-advisory-g23-vulnerability-remediation-note • CWE-918: Server-Side Request Forgery (SSRF)

CVE-2023-32089
https://notcve.org/view.php?id=CVE-2023-32089
18 Oct 2023 — Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description. • https://support.pega.com/support-doc/pega-security-advisory-e23-vulnerability-remediation-note • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32088
https://notcve.org/view.php?id=CVE-2023-32088
18 Oct 2023 — Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation. • https://support.pega.com/support-doc/pega-security-advisory-e23-vulnerability-remediation-note • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32087
https://notcve.org/view.php?id=CVE-2023-32087
18 Oct 2023 — Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation. • https://support.pega.com/support-doc/pega-security-advisory-e23-vulnerability-remediation-note • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-4843
https://notcve.org/view.php?id=CVE-2023-4843
08 Sep 2023 — Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director; however, this field can only be modified by an authenticated administrative user. • https://support.pega.com/support-doc/pega-security-advisory-%E2%80%93-d23-vulnerability-remediation-note? • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32090
https://notcve.org/view.php?id=CVE-2023-32090
07 Aug 2023 — Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials. • https://support.pega.com/support-doc/pega-security-advisory-%E2%80%93-c23-vulnerability-default-operators • CWE-287: Improper Authentication • CWE-1393: Use of Default Password

CVE-2023-28094
https://notcve.org/view.php?id=CVE-2023-28094
22 Jun 2023 — Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials. • https://support.pega.com/support-doc/pega-security-advisory-%E2%80%93-c23-vulnerability-default-operators? • CWE-1393: Use of Default Password

CVE-2023-26465
https://notcve.org/view.php?id=CVE-2023-26465
09 Jun 2023 — Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue. • https://support.pega.com/support-doc/pega-security-advisory-a23-vulnerability-remediation-note • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-35656
https://notcve.org/view.php?id=CVE-2022-35656
22 Aug 2022 — A vulnerability in Pega Platform from 8.3 to 8.7.3 may allow authenticated security administrators to alter CSRF settings directly. • https://support.pega.com/support-doc/pega-security-advisory-d22-e22-f22-vulnerabilities-%E2%80%93-hotfix-matrix • CWE-352: Cross-Site Request Forgery (CSRF)