11 results (0.004 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with editing/rendering user html content. Pega Platform de 7.1.7 a 23.1.1 se ve afectada por un problema XSS con la edición/presentación de contenido html del usuario. • https://support.pega.com/support-doc/pega-security-advisory-i23-vulnerability-remediation-note • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director, however this field can only be modified by an authenticated administrative user. Las versiones 7.1 a 8.8.3 de Pega Platform se ven afectadas por un problema de Inyección HTML con un campo de nombre utilizado en Visual Business Director, sin embargo, este campo solo puede ser modificado por un usuario administrativo autenticado. • https://support.pega.com/support-doc/pega-security-advisory-%E2%80%93-d23-vulnerability-remediation-note? • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials. • https://support.pega.com/support-doc/pega-security-advisory-%E2%80%93-c23-vulnerability-default-operators? • CWE-1393: Use of Default Password •

CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0

Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue. Las versiones 7.2 a 8.8.1 de Pega Platform están afectadas por un problema de Cross-Site Scripting (XSS). • https://support.pega.com/support-doc/pega-security-advisory-a23-vulnerability-remediation-note • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly. La vulnerabilidad de Pega Platform versiones desde 8.3 a 8.7.3, puede permitir a administradores de seguridad autenticados alterar la configuración de tipo CSRF directamente. • https://support.pega.com/support-doc/pega-security-advisory-d22-e22-f22-vulnerabilities-%E2%80%93-hotfix-matrix • CWE-352: Cross-Site Request Forgery (CSRF) •