PT-2018-6520 · Pegasystems · Pega Platform

Published 2018-02-27 · Updated 2020-08-20 · CVE-2017-17478

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Pega Platform versions 7.1.7 through 7.1.10; Pega Platform versions 7.2 through 7.2.2
Description: A cross-site scripting (XSS) issue was found in Designer Studio, which is the developer workbench for Pega Platform. This issue allows a user with developer credentials to insert malicious code into a text field, up to 64 characters, after establishing context. The malicious code will execute when other developers visit the affected pages.
Recommendations: For Pega Platform versions 7.1.7 through 7.1.10, restrict access to the Designer Studio text field to minimize the risk of exploitation. For Pega Platform versions 7.2 through 7.2.2, consider disabling the ability to insert code into the Designer Studio text field until a fix is available. Avoid using the affected pages in Designer Studio until the issue is resolved.

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2017-17478

Affected Products

Pega Platform