WEB APPLICATION VULNERABILITIES Standard & Premium

Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-10716)

Description

Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search.

Remediation

References

Related Vulnerabilities

WordPress Plugin File Manager Unspecified Vulnerability (2.2.0)

WordPress Plugin WP eCommerce HTML Injection (3.8.7.1)

WordPress Plugin Clio Grow Cross-Site Scripting (1.0)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33941)

PHP Uncontrolled Resource Consumption Vulnerability (CVE-2023-0662)

Severity

Medium

Classification

CVE-2024-10716 CWE-707 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities