25 matches found
CVE-2022-43711
GX Software XperienCentral (versions 10.29.1–10.33.0) is affected by a cross-site scripting (XSS) vulnerability caused by the CSP header using eval() in the script-src directive. The issue is tied to Interactive Forms (IAF) functionality and can be triggered via user interaction with the affected...
CVE-2022-43711
Interactive Forms (IAF) in GX Software XperienCentral versions 10.29.1 until 10.33.0 was vulnerable to cross-site scripting (XSS) attacks because the CSP header uses eval in the script-src...
CVE-2022-43713
Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed...
CVE-2022-43710
Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross-site request forgery (CSRF) because the unique token could be deduced using the names of all input fields...
Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs
Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents. Called "Shadow attacks" by academics from Ruhr-University Bochum, the technique uses the...