
Pega Platform vulnerabilities

27 known vulnerabilities affecting pega/pega_platform.

Total CVEs: 27
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 3, MEDIUM 20, LOW 1

Vulnerabilities

Page 2 of 2
CVE-2026-1711 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | affected: ≥ 8.1, ≤ 25.1.1 | published 2026-04-15
Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-Site Scripting vulnerability in a user interface component. Requires a high privileged user with a developer role.
Source: nvd
CVE-2026-1564 | P4 | MEDIUM | CVSS 4.8 | CWE-80 | affected: ≥ 8.1, ≤ 25.1.1 | published 2026-04-15
Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a user interface component. Requires a high privileged user with a developer role.
Source: nvd
CVE-2017-17478 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | affected: 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, 7.2.2 | published 2018-02-27
An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2. A user with developer credentials can insert malicious code (up to 64 characters) into a text field in Designer Studio, after establishing context. Designer Studio is the developer workbench for Pega Platform. That XSS paylo
Source: nvd
CVE-2019-16386 | P4 | MEDIUM | CVSS 4.3 | CWE-425 | affected: ≥ 7.1.0, ≤ 7.4.0; ≥ 8.1.0, ≤ 8.3.1 | published 2019-11-26
PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database schema information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account
Source: nvd
CVE-2019-16388 | P4 | MEDIUM | CVSS 4.3 | CWE-425 | affected: 8.3 | published 2019-11-26
PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore, the
Source: nvd
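The two CWE-425 entries above (CVE-2019-16386 and CVE-2019-16388) name the exact request shape involved: an activity or stream invoked directly through prweb/sso/<token>/!STANDARD. Below is an added triage check, written for this page and not code from cvebase, NVD or Pegasystems, that pulls such requests out of a reverse-proxy access log so they can be correlated with the requesting session's role. The combined log format, the token values and the sample lines are constructed assumptions, and the check is deliberately limited to the path shape quoted in the descriptions. Because the vendor's position is that these are normal administrator functions, a hit is a lead to verify against who made the request, not a confirmed finding.

```python
"""Triage check: find direct !STANDARD activity/stream requests in an access log.

Added example for this page (not cvebase, NVD or Pegasystems code). The
request shapes come from the CVE-2019-16386 and CVE-2019-16388 descriptions;
the log format and the sample lines below are constructed assumptions.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Query parameters that identify each request pattern quoted in the CVE text.
INDICATORS = {
    "CVE-2019-16386": {"pyActivity": "GetWebInfo"},  # database schema information
    "CVE-2019-16388": {"pyStream": "MyAlerts"},      # audit log information
}

# The path shape given in both descriptions: prweb/sso/<token>/!STANDARD.
# Assumption: other Pega entry points are out of scope for this check.
STANDARD_PATH_RE = re.compile(r"^/prweb/sso/[^/?]+/!STANDARD$")

# Apache/nginx "combined" access-log line (assumed format; adapt to yours).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def classify_request(path):
    """Return the CVE id whose request pattern `path` matches, or None.

    `path` is the request-target from the log line (path plus query string).
    Matching is done on the parsed query, so parameter order and extra
    parameters such as target=popup or pzHarnessID do not matter.
    """
    parts = urlsplit(path)
    if not STANDARD_PATH_RE.match(parts.path):
        return None
    query = parse_qs(parts.query)
    for cve, wanted in INDICATORS.items():
        if all(query.get(name) == [value] for name, value in wanted.items()):
            return cve
    return None


def scan_log(text):
    """Return a list with one dict per matching request, in log order."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip it rather than abort the scan
        cve = classify_request(m.group("path"))
        if cve is None:
            continue
        hits.append({
            "cve": cve,
            "ip": m.group("ip"),
            "user": m.group("user"),
            "ts": m.group("ts"),
            "status": int(m.group("status")),  # 200 means the server answered
            "path": m.group("path"),
        })
    return hits


# Constructed sample log: one benign request, one hit per CVE pattern, and a
# !STANDARD request for an unrelated activity that must not be flagged.
SAMPLE_LOG = """\
10.0.0.5 - - [26/Nov/2019:10:01:02 +0000] "GET /prweb/PRServlet HTTP/1.1" 200 5123
10.0.0.7 - - [26/Nov/2019:10:02:15 +0000] "GET /prweb/sso/tok1/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=HIDx HTTP/1.1" 200 48211
10.0.0.7 - - [26/Nov/2019:10:02:40 +0000] "GET /prweb/sso/tok1/!STANDARD?pyStream=MyAlerts HTTP/1.1" 200 9901
10.0.0.9 - - [26/Nov/2019:10:03:00 +0000] "GET /prweb/sso/tok2/!STANDARD?pyActivity=ShowHarness&pzHarnessID=HIDy HTTP/1.1" 200 3001
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} {hit["cve"]} status={hit["status"]} {hit["path"]}')
```

Run it against the sample and it reports the two requests from 10.0.0.7 and nothing for the unrelated ShowHarness call. The next step in practice is to join the source IP and timestamp against the application's own session or security-event records to see whether the operator behind them held an administrator role, which is the distinction the vendor's note turns on.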
CVE-2022-35656 | P4 | MEDIUM | CVSS 4.5 | CWE-352 | affected: ≥ 8.3, ≤ 8.7.3 | published 2022-08-22
Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly.
Source: nvd
CVE-2025-62184 | P4 | LOW | CVSS 3.4 | CWE-79 | affected: ≥ 8.1, ≤ 25.1.0 | published 2026-03-31
Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none.
Source: nvd