Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:NPega Platform
APPPega24.2.07.2.1 – 8.5.5 (bez)23.1.0 – 23.1.4 (bez)24.1.0 – 24.1.2 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
XSS
CWE
Related vulnerabilities
CVE-2023-32090CRITICAL9.8ten sam produkt
Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials
CVE-2020-15390CRITICAL9.8ten sam produkt
pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration that leads to an improper access control...
CVE-2025-2160HIGH8.1ten sam produkt
Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup
CVE-2023-50168HIGH7.7ten sam produkt
Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation.
CVE-2023-28094HIGH8.1ten sam produkt
Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x m...