Description
Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page; or the (3) pyTableName to the System database schema modification page.