Pega Platform before 8.4.0 has a XSS issue via stream rule parameters used in the request header.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24353
Reference (s):
- https://community.pega.com/knowledgebase/products/platform/release-notes
- https://community.pega.com/knowledgebase/products/platform/resolved-issues?q=527502