Vulnerabilities > Pega > Infinity > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-12 | CVE-2024-6700 | Cross-site Scripting vulnerability in Pega Infinity Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name. | 4.8 |
| 2024-09-12 | CVE-2024-6701 | Cross-site Scripting vulnerability in Pega Infinity Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type. | 4.8 |
| 2024-09-12 | CVE-2024-6702 | Cross-site Scripting vulnerability in Pega Infinity Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage. | 4.8 |
| 2022-01-28 | CVE-2021-27654 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Pega Infinity Forgotten password reset functionality for local accounts can be used to bypass local authentication checks. | 4.6 |
| 2021-04-01 | CVE-2021-27653 | Unspecified vulnerability in Pega Infinity Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure. | 4.0 |