Every CVE whose affected-product data names Pega Platform, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2019-16374 — CVSS 9.8 (critical): Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can…
CVE-2020-8773 — CVSS 8.9 (high): The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability.
CVE-2020-8775 — CVSS 8.9 (high): Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags.
CVE-2023-50165 — CVSS 8.5 (high): Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by an Generated PDF issue that could expose file contents.
CVE-2023-50166 — CVSS 6.1 (medium): Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter.