Description

Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director, however this field can only be modified by an authenticated administrative user.

Remediation

References

CVE-2023-4843

Related Vulnerabilities

WordPress Plugin Poll Maker SQL Injection (3.4.1)

Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-1000195)

WordPress Plugin GD Star Rating Multiple Vulnerabilities (1.9.22)

Moodle Other Vulnerability (CVE-2004-1425)

Microsoft SQL Server Improper Input Validation Vulnerability (CVE-2001-0509)

Severity

Medium

Classification

CVE-2023-4843 CWE-707 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities