CVE-2017-17478

moderate-risk
Published 2018-02-27

An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2. A user with developer credentials can insert malicious code (up to 64 characters) into a text field in Designer Studio, after establishing context. Designer Studio is the developer workbench for Pega Platform. That XSS payload will execute when other developers visit the affected pages.

Do I need to act?

-
0.26% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.8/10 Medium
NETWORK / LOW complexity

Affected Products (7)

Affected Vendors

Pega

References (2)

Vendor Advisory https://pdn.pega.com/pegasystems-security-bulletin-cve-2017-17478/pegasystems-se...
Vendor Advisory https://pdn.pega.com/pegasystems-security-bulletin-cve-2017-17478/pegasystems-se...
34
/ 100
moderate-risk
Severity 19/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 14/34 · Moderate