Lucene search

[email protected]NVD:CVE-2023-50167

HistoryMar 06, 2024 - 6:15 p.m.

CVE-2023-50167

2024-03-0618:15:46

CWE-79

[email protected]

web.nvd.nist.gov

pega platform

xss issue

version 7.1.7

version 23.1.1

user html content

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

9.2%

JSON

Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with editing/rendering user html content.

References

support.pega.com/support-doc/pega-security-advisory-i23-vulnerability-remediation-note