VYPR

PEGA Platform

by Capasystems

CVEs (2)

  • CVE-2017-11355MedAug 2, 2017
    risk 0.43cvss 6.1epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page; or the (3) pyTableName to…

  • CVE-2017-17478MedFeb 27, 2018
    risk 0.31cvss 4.8epss 0.01

    An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2. A user with developer credentials can insert malicious code (up to 64 characters) into a text field in Designer Studio, after establishing context.…