Platform

platform

Vendor: Pega • 8 CVEs

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-50166 1Pega 1Platform Nov 21, 2024 Jan 31, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter.
CVE-2023-50165 1Pega 1Platform Nov 21, 2024 Jan 31, 2024 N/A· v4 8.6 HIGH· v3 N/A· v2 Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by an Generated PDF issue that could expose file contents.
CVE-2023-32089 1Pega 1Platform Nov 21, 2024 Oct 18, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description
CVE-2023-32088 1Pega 1Platform Nov 21, 2024 Oct 18, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation
CVE-2023-32087 1Pega 1Platform Nov 21, 2024 Oct 18, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation
CVE-2019-16374 1Pega 1Platform Nov 21, 2024 Aug 13, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access...Show more Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control.Show less
CVE-2020-8775 1Pega 1Platform Nov 21, 2024 Apr 29, 2020 N/A· v4 8.9 HIGH· v3 6.0 MEDIUM· v2 Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags.
CVE-2020-8773 1Pega 1Platform Nov 21, 2024 Apr 29, 2020 N/A· v4 8.9 HIGH· v3 6.0 MEDIUM· v2 The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability.