CVE-2023-50166 MEDIUM

Vendor Pegasystems
Product Pega Platform
Weakness CWE-79 · XSS
Published January 31, 2024
Last update June 11, 2025

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

Pega Platform versions from 8.5.4 to 8.8.3 are affected by an XSS issue involving an unauthenticated user and the redirect parameter.

Key dates

02 Disclosure timeline

January 31, 2024 CVE published
June 11, 2025 Record updated