wid-sec-w-2026-0941
·
Published 2026-03-31
·
View on BSI CERT-Bund ↗
Pega Platform: Vulnerability allows Cross-Site Scripting
CVSS 4.8
MEDIUM
Risk Summary
Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none.
CVEs (1)
Affected Vendors
Pega
Affected Products (6)
Pega
·
Platform
<24.1.4
Pega
·
Platform
24.1.4
Pega
·
Platform
<24.2.4
Pega
·
Platform
24.2.4
Pega
·
Platform
<25.1.0
Pega
·
Platform
25.1.0
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more