CVE-2020-15390 — CVSS 9.8 (critical): pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration that leads to an improper access control vulnerability via…
CVE-2020-8774 — CVSS 8.8 (high): Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function.
CVE-2019-16387 — CVSS 8.1 (high): PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_ListDatabases request…
CVE-2023-28094 — CVSS 8.1 (high): Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default…
CVE-2017-11356 — CVSS 6.5 (medium): The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain…
CVE-2025-9559 — CVSS 6.5 (medium): Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by a Insecure Direct Object Reference issue in a user interface component that…
CVE-2017-11355 — CVSS 6.1 (medium): Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web…
CVE-2020-23957 — CVSS 6.1 (medium): Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a…
CVE-2022-35654 — CVSS 6.1 (medium): Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter.
CVE-2022-35655 — CVSS 6.1 (medium): Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting.
CVE-2025-8681 — CVSS 5.5 (medium): Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component. Requires a high…
CVE-2023-50167 — CVSS 5.4 (medium): Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with editing/rendering user html content.
CVE-2017-17478 — CVSS 4.8 (medium): An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2. A user with…
CVE-2026-1711 — CVSS 4.8 (medium): Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-Site Scripting vulnerability in a user interface component…
CVE-2026-1564 — CVSS 4.8 (medium): Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a user interface component. Requires a high…
CVE-2022-35656 — CVSS 4.5 (medium): Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly.
CVE-2019-16386 — CVSS 4.3 (medium): PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target…
CVE-2019-16388 — CVSS 4.3 (medium): PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get…
CVE-2023-4843 — CVSS 4.3 (medium): Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director, however…
CVE-2025-62184 — CVSS 3.4 (low): Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component…