Pega Platform XSS Vulnerability Affects Versions 8.1 to 24.2.0
CVE-2024-10716

4.8MEDIUM

Key Information:

Vendor

Pegasystems

Status
Pega Infinity
Vendor
CVE Published:
5 December 2024

What is CVE-2024-10716?

Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search.

Affected Version(s)

Pega Infinity 8.1 < 24.2.1

References

https://support.pega.com/support-doc/pega-security-adviso...
vendor-advisory

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Konrad Zbylut
.