Description
Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross-site request forgery (CSRF) because the unique token could be deduced using the names of all input fields.
References (2)
Core References
Product: https://service.gxsoftware.com
Vendor Advisory: https://service.gxsoftware.com/hc/nl/articles/12208173122461
Scores
CVSS v3: 8.8
EPSS: 0.0024
EPSS Percentile: 14.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-352
Status: published
Products (1)
gxsoftware/xperiencentral: 10.31.0 - 10.33.0
Published: Jul 26, 2023
Tracked Since: Feb 18, 2026