CVE-2022-43710

HIGH

GX Software XperienCentral <10.33.0 - CSRF

Description

Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross-site request forgery (CSRF) because the unique token could be deduced using the names of all input fields.

Scores

CVSS v3 8.8
EPSS 0.0024
EPSS Percentile 14.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-352
Status published
Products (1)
gxsoftware/xperiencentral 10.31.0 - 10.33.0
Published Jul 26, 2023
Tracked Since Feb 18, 2026