Stored Cross-Site Scripting in Pega Platform
Title | Stored Cross-Site Scripting in Pega Platform |
Discovery date | 23/04/2024 |
Class | XSS Stored |
Affected Products
Pega Platform versions 8.1 to Infinity 24.1.2
Proof of Concept
From “APP STUDIO” homepage, under “Description general” (“General description”), we can change the application name using “Editar” (“Edit”):
We can then insert an XSS payload into text field “Nombre de aplication” (“Application name”) (1).
The specific payload used is:
<img src=x onerror=alert('XSS')>
We can then save this change by clicking on button “Grabar” (“Save”).
The XSS payload is then triggered, executing the JavaScript code client-side: