Page 2 of 10 results (0.003 seconds)

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-32087

https://notcve.org/view.php?id=CVE-2023-32087

Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation Las versiones 8.1 a Infinity 23.1.0 de Pega Platform se ven afectadas por un problema XSS con la creación de tareas • https://support.pega.com/support-doc/pega-security-advisory-e23-vulnerability-remediation-note • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.9EPSS: 0%CPEs: 4EXPL: 0

CVE-2023-45162 – Blind SQL vulnerability in 1E platform

https://notcve.org/view.php?id=CVE-2023-45162

Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution.  Application of the relevant hotfix remediates this issue. for v8.1.2 apply hotfix Q23166 for v8.4.1 apply hotfix Q23164 for v9.0.1 apply hotfix Q23169 SaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. Customers with SaaS versions below this are urged to upgrade urgently - please contact 1E to arrange this Las versiones afectadas de 1E Platform tienen una vulnerabilidad de inyección Blind SQL que puede provocar la ejecución de código arbitrario. La aplicación del hotfix correspondiente soluciona este problema. para v8.1.2 aplique hotfix Q23166 para v8.4.1 aplique hotfix Q23164 para v9.0.1 aplique hotfix Q23169 Las implementaciones de SaaS en v23.7.1 tendrán automáticamente aplicado el hotfix Q23173. Se insta a los clientes con versiones de SaaS inferiores a esta a actualizar urgentemente; comuníquese con 1E para organizar esto. • https://www.1e.com/trust-security-compliance/cve-info • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-16374

https://notcve.org/view.php?id=CVE-2019-16374

Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control. Pega Platform versión 8.2.1, permite una inyección de LDAP porque un nombre de usuario puede contener un carácter * y puede ser de una longitud ilimitada. Un atacante puede especificar cuatro caracteres de un nombre de usuario, seguidos del carácter *, para omitir el control de acceso • https://community.pega.com/upgrade https://gist.github.com/IAG0110/0205823570ba04ec12e656f7f4602877 •

CVSS: 8.9EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-8775

https://notcve.org/view.php?id=CVE-2020-8775

Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags. Pega Platform versiones anteriores a 8.2.6, está afectada por una vulnerabilidad de tipo Cross-Site Scripting (XSS) Almacenado en las etiquetas de comentarios. • https://community.pega.com/knowledgebase/products/platform/resolved-issues?q=issue%20529706&f%5B0%5D=version%3A32536 https://www.pega.com/products/pega-platform • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.9EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-8773

https://notcve.org/view.php?id=CVE-2020-8773

The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability. El Richtext Editor en Pega Platform versiones anteriores a 8.2.6, está afectado por una vulnerabilidad de tipo Cross-Site Scripting (XSS) Almacenado. • https://community.pega.com/knowledgebase/products/platform/resolved-issues?q=issue%20529706&f%5B0%5D=version%3A32536 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •