Description

An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2. A user with developer credentials can insert malicious code (up to 64 characters) into a text field in Designer Studio, after establishing context. Designer Studio is the developer workbench for Pega Platform. That XSS payload will execute when other developers visit the affected pages.

Remediation

References

CVE-2017-17478

Related Vulnerabilities

Jenkins Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1000864)

WordPress Plugin Post Views Count (Support caching plugins!) Cross-Site Scripting (3.0.2)

MySQL CVE-2021-35546 Vulnerability (CVE-2021-35546)

Plone CMS Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2024-0669)

WordPress Plugin WP Logs Book Cross-Site Scripting (1.0.1)

Severity

Medium

Classification

CVE-2017-17478 CWE-707 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities