Pega Infinity Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2022-35654 - Vulnerability Database

Pega Infinity Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2022-35654

Medium

Reference: CVE-2022-35654

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-35654

Title: Pega Infinity Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter.