Vulnerability CVE-2017-17478


Published: 2018-02-27

Description:
An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2. A user with developer credentials can insert malicious code (up to 64 characters) into a text field in Designer Studio, after establishing context. Designer Studio is the developer workbench for Pega Platform. That XSS payload will execute when other developers visit the affected pages.

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

Vendor: Pegasystems
Product: Pega platform 
Version:
7.2.2.
7.2.1
7.2.0
7.1.9
7.1.8
7.1.7
7.1.10

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.5/10
2.9/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
https://pdn.pega.com/pegasystems-security-bulletin-cve-2017-17478/pegasystems-security-bulletin-cve-2017-17478

Copyright 2018, cxsecurity.com

 

Back to Top