PT-2023-30848 · Pegasystems · Pega Platform

Iulian Florea · Published 2023-09-08 · Updated 2023-09-12 · CVE-2023-4843

CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Pega Platform versions 7.1 to 8.8.3

Description: The issue is an HTML Injection problem with a name field used in Visual Business Director. This field can only be modified by an authenticated administrative user.

Recommendations: For Pega Platform versions 7.1 to 8.8.3, consider restricting access to the name field in Visual Business Director to prevent unauthorized modifications until a fix is available. As a temporary workaround, ensure that only trusted administrative users have access to this field.

Fix

Special Elements Injection

XSS

Weakness Enumeration

Related Identifiers: CVE-2023-4843

Affected Products: Pega Platform