Pega Platform is affected by Cross Site Scripting (XSS) via the ConnectionID parameter : CVE-2020-23957

KiranKS · June 1, 2022, 7:42am

Security team identified Vulnerability CVE-2020-23957 in Pega 7.3.1 and i could see this is specified in Pega security bulletin as well.

Pega Platform is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23957

Is there a fix available for this vulnerability in Pega 7.3.1?

MarijeSchillern · June 1, 2022, 11:14am

@KiranKS yes in the support ticket that you have already logged please request HFIX-68904.

Alternatively log a new ‘Request HFIX’ ticket and let the team know.

Conversation		Replies	Views
Pega Security vulnerability issues in Pega 7.3.1 (IDOR and CSRF attack) Pega-as-a-Service pega-platform , business-architect , low-code-app-development , security , devops , app-studio , pega-cloud , enterprise-application-development , financial-services , 7-3-1 , dev-designer-studio	7	200	January 24, 2024
How to save pega application from Cross-Site Scripting (XSS) attacks General senior-system-architect , security , financial-services , 8-5-3	1	496	July 18, 2024
CVEs & pega platform 7.4 General security , 7-4	1	205	March 21, 2022
ckeditor version 4.7.1 in Pega 23.1 General pega-platform	1	141	March 10, 2025
CVE-2024-20353 General pega-platform , security	5	97	May 15, 2024

Pega Platform is affected by Cross Site Scripting (XSS) via the ConnectionID parameter : CVE-2020-23957

Related topics