Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page; or the (3) pyTableName to the System database schema modification page.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pega | Pega Platform | <= 7.2_ml0 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2017/Jul/28Mailing ListThird Party Advisory
- https://pdn.pega.com/pegasystems-security-bulletin-cve-2017-11355-and-cve-2017-1
- https://www.exploit-db.com/exploits/42335/
- http://seclists.org/fulldisclosure/2017/Jul/28Mailing ListThird Party Advisory
- https://pdn.pega.com/pegasystems-security-bulletin-cve-2017-11355-and-cve-2017-1
- https://www.exploit-db.com/exploits/42335/
FAQ
What is CVE-2017-11355?
CVE-2017-11355 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) b...
How severe is CVE-2017-11355?
CVE-2017-11355 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-11355?
Check the references section above for vendor advisories and patch information. Affected products include: Pega Pega Platform.