Skip to main content

Pega Platform

19 CVEs product

Monthly

CVE-2025-8681 MEDIUM This Month

Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-2161 HIGH PATCH This Week

Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pega Platform Suse
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2025-2160 HIGH This Week

Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2024-12211 MEDIUM This Month

Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an Stored XSS issue with profile. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-4843 MEDIUM This Month

Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director, however this field can only be modified by an authenticated. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Pega Platform
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-32090 CRITICAL Act Now

Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pega Platform
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-28094 CRITICAL Act Now

Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pega Platform
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-26465 MEDIUM This Month

Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-35656 MEDIUM This Month

Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Pega Platform
NVD
CVSS 3.1
4.5
EPSS
0.3%
CVE-2022-35655 MEDIUM This Month

Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-35654 MEDIUM This Month

Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2020-23957 MEDIUM POC This Month

Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pega Platform
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-24353 MEDIUM This Month

Pega Platform before 8.4.0 has a XSS issue via stream rule parameters used in the request header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-8774 HIGH This Week

Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2019-16388 MEDIUM POC This Month

PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pega Platform
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-16387 HIGH POC This Week

PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_ListDatabases request while using a low-privilege account. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pega Platform
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2019-16386 MEDIUM POC This Month

PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pega Platform
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2017-11356 MEDIUM POC This Month

The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pega Platform
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
3.0%
CVE-2017-11355 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pega Platform
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.8%
EPSS 0% CVSS 5.5
MEDIUM This Month

Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pega Platform Suse
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an Stored XSS issue with profile. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director, however this field can only be modified by an authenticated. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Pega Platform
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pega Platform
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pega Platform
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
EPSS 0% CVSS 4.5
MEDIUM This Month

Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Pega Platform
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pega Platform
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Pega Platform before 8.4.0 has a XSS issue via stream rule parameters used in the request header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pega Platform
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pega Platform
NVD
EPSS 1% CVSS 8.1
HIGH POC This Week

PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_ListDatabases request while using a low-privilege account. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pega Platform
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pega Platform
NVD
EPSS 3% CVSS 6.5
MEDIUM POC This Month

The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pega Platform
NVD Exploit-DB
EPSS 3% CVSS 6.1
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pega Platform
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy