exploitDog

CVE-2020-23957

Опубликовано: 15 дек. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI.

Ссылки

https://jayaramyalla.medium.com/cross-site-scripting-in-pega-cve-2020-23957-16d1c417da5f
Exploit
Third Party Advisory
https://jayaramyalla.medium.com/cross-site-scripting-in-pega-cve-2020-23957-16d1c417da5f
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pega:pega_platform:*:*:*:*:*:*:*:*

Версия от 8.4 (включая) до 8.4.2 (включая)

EPSS

Процентиль: 47%

0.0024

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-q835-q3qm-4v3c

github

больше 3 лет назад

Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI.

EPSS

Процентиль: 47%

0.0024

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79