Capasystems

All CVEs

23 total · sorted by risk
  • CVE-2017-11355 · Med · Aug 2, 2017
    risk 0.43 · cvss 6.1 · epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page; or the (3) pyTableName to…

  • CVE-2017-17478 · Med · Feb 27, 2018
    risk 0.31 · cvss 4.8 · epss 0.01

    An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2. A user with developer credentials can insert malicious code (up to 64 characters) into a text field in Designer Studio, after establishing context.…

  • CVE-2022-24082 · Jul 19, 2022
    risk 0.07 · cvss · epss 0.09

    If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect…

  • CVE-2021-27651 · Apr 29, 2021
    risk 0.07 · cvss · epss 0.54

    In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks.

  • CVE-2025-9559 · Oct 16, 2025
    risk 0.00 · cvss · epss 0.00

    Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by an Insecure Direct Object Reference issue in a user interface component that can only be used to read data.

  • CVE-2025-8681 · Sep 10, 2025
    risk 0.00 · cvss · epss 0.00

    Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component. Requires a high privileged user with a developer role.

  • CVE-2025-2161 · Apr 14, 2025
    risk 0.00 · cvss · epss 0.00

    Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup.

  • CVE-2025-2160 · Apr 14, 2025
    risk 0.00 · cvss · epss 0.00

    Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup.

  • CVE-2024-12211 · Jan 13, 2025
    risk 0.00 · cvss · epss 0.00

    Pega Platform versions 8.1 to Infinity 24.2.0 are affected by a Stored XSS issue with profile.

  • CVE-2024-10716 · Dec 5, 2024
    risk 0.00 · cvss · epss 0.00

    Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search.

  • CVE-2024-10094 · Nov 20, 2024
    risk 0.00 · cvss · epss 0.00

    Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code.

  • CVE-2024-6702 · Sep 12, 2024
    risk 0.00 · cvss · epss 0.00

    Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage.

  • CVE-2024-6701 · Sep 12, 2024
    risk 0.00 · cvss · epss 0.00

    Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type.

  • CVE-2024-6700 · Sep 12, 2024
    risk 0.00 · cvss · epss 0.00

    Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name.

  • CVE-2023-26465 · Jun 9, 2023
    risk 0.00 · cvss · epss 0.00

    Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue.

  • CVE-2022-35656 · Aug 22, 2022
    risk 0.00 · cvss · epss 0.00

    Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly.

  • CVE-2022-35655 · Aug 22, 2022
    risk 0.00 · cvss · epss 0.00

    Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting.

  • CVE-2022-35654 · Aug 22, 2022
    risk 0.00 · cvss · epss 0.00

    Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter.

  • CVE-2022-24083 · Jul 25, 2022
    risk 0.00 · cvss · epss 0.01

    Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks.

  • CVE-2021-27654 · Jan 28, 2022
    risk 0.00 · cvss · epss 0.01

    Forgotten password reset functionality for local accounts can be used to bypass local authentication checks.

  • CVE-2021-27653 · Apr 1, 2021
    risk 0.00 · cvss · epss 0.01

    Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure.

  • CVE-2020-27977 · Nov 9, 2020
    risk 0.00 · cvss · epss 0.00

    CapaSystems CapaInstaller before 6.0.101 does not properly assign, modify, or check privileges for an actor who attempts to edit registry values, allowing an attacker to escalate privileges.

  • CVE-2013-5216 · Sep 12, 2013
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in logreader/uploadreader.jsp in CapaSystems Performance Guard before 6.2.102 allows remote attackers to read arbitrary files via unspecified vectors.