What the vulnerability does
01Description
Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter.
CVSS base score
6.1/10
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Key dates
02Disclosure timeline
August 22, 2022
CVE published
August 3, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2023-47265 Apache Airflow: DAG Params alllow to embed unchecked Javascript
CVE-2025-22353 WordPress BVD Easy Gallery Manager plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability
CVE-2026-7498 Stored XSS in Basamak Informatics' DernekWeb
CVE-2023-29207 Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro
CVE-2025-26954 WordPress ZooEffect plugin <= 1.11 - Reflected Cross Site Scripting (XSS) vulnerability
