Vulnerabilities > Pega

DATE CVE VULNERABILITY TITLE RISK
2024-09-12 CVE-2024-6700 Cross-site Scripting vulnerability in Pega Infinity
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name.
network
low complexity
pega CWE-79
4.8
2024-09-12 CVE-2024-6701 Cross-site Scripting vulnerability in Pega Infinity
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type.
network
low complexity
pega CWE-79
4.8
2024-09-12 CVE-2024-6702 Cross-site Scripting vulnerability in Pega Infinity
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage.
network
low complexity
pega CWE-79
4.8
2024-01-31 CVE-2023-50165 Server-Side Request Forgery (SSRF) vulnerability in Pega Platform
Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by an Generated PDF issue that could expose file contents.
network
low complexity
pega CWE-918
8.6
2024-01-31 CVE-2023-50166 Cross-site Scripting vulnerability in Pega Platform
Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter.
network
low complexity
pega CWE-79
6.1
2023-10-18 CVE-2023-32087 Cross-site Scripting vulnerability in Pega Platform
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation
network
low complexity
pega CWE-79
6.1
2023-10-18 CVE-2023-32088 Cross-site Scripting vulnerability in Pega Platform
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation
network
low complexity
pega CWE-79
6.1
2023-10-18 CVE-2023-32089 Cross-site Scripting vulnerability in Pega Platform
Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description
network
low complexity
pega CWE-79
6.1
2023-09-08 CVE-2023-4843 Cross-site Scripting vulnerability in Pega Platform
Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director, however this field can only be modified by an authenticated administrative user.
network
low complexity
pega CWE-79
4.8
2023-08-07 CVE-2023-32090 Improper Authentication vulnerability in Pega Platform
Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials
network
low complexity
pega CWE-287
critical
9.8