XSS Vulnerability in Pega Platform Software by Pegasystems
CVE-2022-35654

6.1MEDIUM

Key Information:

Vendor

Pegasystems

Status
Pega Infinity
Vendor
CVE Published:
22 August 2022

What is CVE-2022-35654?

An XSS vulnerability has been identified in Pega Platform versions 8.5.4 to 8.7.3, which allows an unauthenticated user to exploit the redirect parameter. This security issue could enable attackers to execute arbitrary scripts in a user's browser, leading to potential data theft or session hijacking.

Affected Version(s)

Pega Infinity 8.5.4

Pega Infinity < 8.7.3

References

https://support.pega.com/support-doc/pega-security-adviso...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

CVSS V3.0

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kane Gamble from Blackfoot UK
.