10 results (0.001 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with editing/rendering user html content. Pega Platform de 7.1.7 a 23.1.1 se ve afectada por un problema XSS con la edición/presentación de contenido html del usuario. • https://support.pega.com/support-doc/pega-security-advisory-i23-vulnerability-remediation-note • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director, however this field can only be modified by an authenticated administrative user. Las versiones 7.1 a 8.8.3 de Pega Platform se ven afectadas por un problema de Inyección HTML con un campo de nombre utilizado en Visual Business Director, sin embargo, este campo solo puede ser modificado por un usuario administrativo autenticado. • https://support.pega.com/support-doc/pega-security-advisory-%E2%80%93-d23-vulnerability-remediation-note? • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials • https://support.pega.com/support-doc/pega-security-advisory-%E2%80%93-c23-vulnerability-default-operators • CWE-287: Improper Authentication CWE-1393: Use of Default Password •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials. • https://support.pega.com/support-doc/pega-security-advisory-%E2%80%93-c23-vulnerability-default-operators? • CWE-1393: Use of Default Password •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Pega Platform before 8.4.0 has a XSS issue via stream rule parameters used in the request header. Pega Platform versiones anteriores a 8.4.0, presenta un problema de tipo XSS por medio de los parámetros de reglas de transmisión usados en el encabezado de la petición • https://community.pega.com/knowledgebase/products/platform/release-notes https://community.pega.com/knowledgebase/products/platform/resolved-issues?q=527502 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •