Page 2 of 18 results (0.008 seconds)

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly. La vulnerabilidad de Pega Platform versiones desde 8.3 a 8.7.3, puede permitir a administradores de seguridad autenticados alterar la configuración de tipo CSRF directamente. • https://support.pega.com/support-doc/pega-security-advisory-d22-e22-f22-vulnerabilities-%E2%80%93-hotfix-matrix • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting. Pega Platform versiones desde 7.3 a 8.7.3, está afectada por un problema de tipo XSS debido a una configuración errónea de un ajuste de la página de datos. • https://support.pega.com/support-doc/pega-security-advisory-d22-e22-f22-vulnerabilities-%E2%80%93-hotfix-matrix • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. Pega Platform versiones desde 8.5.4 a 8.7.3, está afectada por un problema de tipo XSS con un usuario no autenticado y el parámetro de redireccionamiento. • https://support.pega.com/support-doc/pega-security-advisory-d22-e22-f22-vulnerabilities-%E2%80%93-hotfix-matrix • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration that leads to an improper access control vulnerability via =GetWebInfo. pyActivity en Pega Platform versión 8.4.0.237, tiene una configuración inapropiada de seguridad que conlleva a una vulnerabilidad de control de acceso inapropiado por medio de =GetWebInfo • https://jayaramyalla.medium.com/sensitive-information-disclosure-due-to-improper-access-control-cve-2020-15390-124573c15824 • CWE-269: Improper Privilege Management •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI. Pega Platform versiones hasta 8.4.x, está afectada por una vulnerabilidad de tipo Cross Site Scripting (XSS) por medio del parámetro ConnectionID, como es demostrado por una petición pyActivity=Data-TRACERSettings.pzStartTracerSession hacia un URI PRAuth • https://jayaramyalla.medium.com/cross-site-scripting-in-pega-cve-2020-23957-16d1c417da5f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •