cbcvebase.

Pegasystems Pega Infinity vulnerabilities

25 known vulnerabilities affecting pegasystems/pega_infinity.

Total CVEs
25
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH2MEDIUM18LOW1

Vulnerabilities

Page 2 of 2
CVE-2024-6700P4MEDIUMCVSS 4.8≥ 8.1, < 24.1.32024-09-12
CVE-2024-6700 [MEDIUM] CWE-79 CVE-2024-6700: Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name. Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name.
nvd
CVE-2024-6701P4MEDIUMCVSS 4.8≥ 8.1, < 24.1.32024-09-12
CVE-2024-6701 [MEDIUM] CWE-79 CVE-2024-6701: Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type. Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type.
nvd
CVE-2024-10716P4MEDIUMCVSS 4.8≥ 8.1, < 24.2.12024-12-05
CVE-2024-10716 [MEDIUM] CWE-79 CVE-2024-10716: Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search. Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search.
nvd
CVE-2022-35656P4MEDIUMCVSS 4.5≥ 8.3, < unspecified≥ unspecified, < 8.7.32022-08-22
CVE-2022-35656 [MEDIUM] CWE-352 CVE-2022-35656: Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alt Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly.
nvd
CVE-2025-62184P4LOWCVSS 3.4≥ 8.1.0, < Infinity 25.1.02026-03-31
CVE-2025-62184 [LOW] CWE-79 CVE-2025-62184: Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerabil Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none.
nvd
Pegasystems Pega Infinity vulnerabilities | cvebase