During one of the engagements I identified a medium-risk vulnerability within the Pega platform, which was classified under CVE-2023-4843. The vulnerability was an HTML injection that could also be leveraged to create redirects and phish for other users' credentials.
The Pega official security advisory can be found here:
https://support.pega.com/support-doc/pega-security-advisory-%E2%80%93-d23-vulnerability-remediation-note