CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16374
https://notcve.org/view.php?id=CVE-2019-16374
Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control. Pega Platform versión 8.2.1, permite una inyección de LDAP porque un nombre de usuario puede contener un carácter * y puede ser de una longitud ilimitada. Un atacante puede especificar cuatro caracteres de un nombre de usuario, seguidos del carácter *, para omitir el control de acceso • https://community.pega.com/upgrade https://gist.github.com/IAG0110/0205823570ba04ec12e656f7f4602877 •
CVSS: 8.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8775
https://notcve.org/view.php?id=CVE-2020-8775
Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags. Pega Platform versiones anteriores a 8.2.6, está afectada por una vulnerabilidad de tipo Cross-Site Scripting (XSS) Almacenado en las etiquetas de comentarios. • https://community.pega.com/knowledgebase/products/platform/resolved-issues?q=issue%20529706&f%5B0%5D=version%3A32536 https://www.pega.com/products/pega-platform • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8773
https://notcve.org/view.php?id=CVE-2020-8773
The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability. El Richtext Editor en Pega Platform versiones anteriores a 8.2.6, está afectado por una vulnerabilidad de tipo Cross-Site Scripting (XSS) Almacenado. • https://community.pega.com/knowledgebase/products/platform/resolved-issues?q=issue%20529706&f%5B0%5D=version%3A32536 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •