- Description
- Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component. Requires a high privileged user with a developer role.
- Source
- security@pega.com
- NVD status
- Analyzed
- Products
- pega_platform
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- security@pega.com
- CWE-79
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pega:pega_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E025E37-EFCE-4BA5-8517-B34D445731B6",
"versionEndExcluding": "23.1.5",
"versionStartIncluding": "7.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pega:pega_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12DCD9B7-08F4-43D1-B361-2EC496D5F7C9",
"versionEndExcluding": "24.1.3",
"versionStartIncluding": "24.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pega:pega_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58EC0973-3139-4B4D-BE29-1911F0982C75",
"versionEndExcluding": "24.2.2",
"versionStartIncluding": "24.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]