Pega Infinity Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Vulnerability - CVE-2026-1564 - Vulnerability Database

Pega Infinity Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Vulnerability - CVE-2026-1564

Medium

Reference: CVE-2026-1564

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2026-1564

Title: Pega Infinity Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Vulnerability

Overview:

Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a user interface component. Requires a high privileged user with a developer role.