Aggregates CVE and security vulnerability intelligence across all Pega-related products, including CVSS scores, EPSS percentages, and publication dates.
Common weakness patterns include cross-site scripting, path handling, CSRF, and XXE, with session compromise as a potential impact across software deployment use cases.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-1711 | Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-Site Scripting vulnerability in a user interface component. Requires a high privileged user with a developer role. | [email protected] | 4.8 | 0.03% | 2026-04-15 | 2026-04-23 |
| CVE-2026-1564 | Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a user interface component. Requires a high privileged user with a developer role. | [email protected] | 5.1 | 0.03% | 2026-04-15 | 2026-04-23 |
| CVE-2025-62184 | Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none. | [email protected] | 4.8 | 0.04% | 2026-03-31 | 2026-04-03 |
| CVE-2025-9559 | Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by an Insecure Direct Object Reference issue in a user interface component that can only be used to read data. | [email protected] | 6.5 | 0.03% | 2025-10-16 | 2025-10-30 |
| CVE-2025-8681 | Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component. Requires a high privileged user with a developer role. | [email protected] | 5.5 | 0.02% | 2025-09-10 | 2025-10-29 |
| CVE-2025-2161 | Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup | [email protected] | 7.1 | 0.21% | 2025-04-14 | 2025-10-30 |
| CVE-2025-2160 | Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup | [email protected] | 8.1 | 0.36% | 2025-04-14 | 2025-10-30 |
| CVE-2024-12211 | Pega Platform versions 8.1 to Infinity 24.2.0 are affected by a Stored XSS issue with profile. | [email protected] | 5.4 | 0.34% | 2025-01-13 | 2025-10-29 |
| CVE-2024-10716 | Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search. | [email protected] | 5.9 | 0.28% | 2024-12-05 | 2025-03-10 |
| CVE-2024-10094 | Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code | [email protected] | 9.1 | 0.53% | 2024-11-20 | 2025-03-10 |
| CVE-2024-6702 | Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage. | [email protected] | 5.2 | 0.09% | 2024-09-12 | 2024-09-13 |
| CVE-2024-6701 | Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type. | [email protected] | 5.5 | 0.09% | 2024-09-12 | 2024-09-13 |
| CVE-2024-6700 | Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name. | [email protected] | 5.5 | 0.08% | 2024-09-12 | 2024-09-13 |
| CVE-2023-50168 | Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation. | [email protected] | 7.7 | 0.14% | 2024-03-14 | 2025-03-10 |
| CVE-2023-50167 | Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with editing/rendering user html content. | [email protected] | 5.4 | 0.11% | 2024-03-06 | 2025-02-18 |
| CVE-2023-50166 | Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. | [email protected] | 6.1 | 0.12% | 2024-01-31 | 2024-11-21 |
| CVE-2023-50165 | Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by a Generated PDF issue that could expose file contents. | [email protected] | 8.5 | 0.09% | 2024-01-31 | 2024-11-21 |
| CVE-2023-32089 | Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description | [email protected] | 4.6 | 0.11% | 2023-10-18 | 2024-11-21 |
| CVE-2023-32088 | Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation | [email protected] | 4.6 | 0.11% | 2023-10-18 | 2024-11-21 |
| CVE-2023-32087 | Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation | [email protected] | 4.6 | 0.11% | 2023-10-18 | 2024-11-21 |