Skip to main content

Pega Platform CVE-2022-35655

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2022-08-22 security@pega.com
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 22, 2022 - 15:15 nvd
MEDIUM 6.1

DescriptionNVD

Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting.

AnalysisAI

Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting. Affected products include: Pega Pega Platform.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2019-16387 HIGH POC
8.1 Nov 26

PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_Li

CVE-2017-11356 MEDIUM POC
6.5 Aug 02

The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users

CVE-2017-11355 MEDIUM POC
6.1 Aug 02

Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to injec

CVE-2020-23957 MEDIUM POC
6.1 Dec 15

Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by

CVE-2023-32090 CRITICAL
9.8 Aug 07

Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials. Rated critical seve

CVE-2023-28094 CRITICAL
9.8 Jun 22

Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be util

CVE-2020-8774 HIGH
8.8 Apr 29

Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID"

CVE-2019-16388 MEDIUM POC
4.3 Nov 26

PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAle

CVE-2019-16386 MEDIUM POC
4.3 Nov 26

PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivi

CVE-2025-2160 HIGH
8.1 Apr 14

Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup. Rated high severity (CVSS 8.1)

CVE-2025-2161 HIGH
7.1 Apr 14

Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup. Rated high severity (CVSS 7.1)

CVE-2023-26465 MEDIUM
6.1 Jun 09

Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue. Rated medium severity (CVSS 6.1), this vulnerability i

Share

CVE-2022-35655 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy