2136 matches found
CVE-2022-43713
Interactive Forms IAF in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed...
CVE-2022-43711
Interactive Forms IAF in GX Software XperienCentral versions 10.29.1 until 10.33.0 was vulnerable to cross site scripting attacks XSS because the CSP header uses eval in the script-src...
CVE-2022-43710
Interactive Forms IAF in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery CSRF because the unique token could be deduced using the names of all input fields...
CVE-2022-43710
Interactive Forms IAF in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery CSRF because the unique token could be deduced using the names of all input fields...
CVE-2022-43710
Interactive Forms IAF in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery CSRF because the unique token could be deduced using the names of all input fields...
Input validation
Interactive Forms IAF in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed...
Cross site request forgery (csrf)
Interactive Forms IAF in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery CSRF because the unique token could be deduced using the names of all input fields...
Cross site scripting
Interactive Forms IAF in GX Software XperienCentral versions 10.29.1 until 10.33.0 was vulnerable to cross site scripting attacks XSS because the CSP header uses eval in the script-src...
PT-2023-14299 · Gx · Xperiencentral
Name of the Vulnerable Software and Affected Versions: GX Software XperienCentral versions 10.29.1 through 10.33.0 Description: The issue allows for cross site scripting attacks XSS due to the Content Security Policy CSP header using eval in the script-src, which is associated with Interactive...
GX Software XperienCentral 输入验证错误漏洞
GX Software XperienCentral is a CMS from GX Software. A security vulnerability exists in GX Software XperienCentral versions 10.33.1 through 10.35.0, which stems from an easy bypass of the validation of Interactive Forms IAF...
CVE-2022-43713
GX Software XperienCentral has an IAF validation bypass vulnerability (CVE-2022-43713) affecting versions 10.33.1 through 10.35.0, allowing invalid data input via Interactive Forms. The issue stems from bypassable form validation in IAF. Impact is mainly data integrity for inputs; CVSS indicates ...
CVE-2022-43713
Interactive Forms IAF in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed...
CVE-2022-43711
Interactive Forms IAF in GX Software XperienCentral versions 10.29.1 until 10.33.0 was vulnerable to cross site scripting attacks XSS because the CSP header uses eval in the script-src...
CVE-2022-43710
CVE-2022-43710 affects GX Software XperienCentral, versions 10.31.0 through 10.33.0. The vulnerability is a cross-site request forgery (CSRF) where the unique token can be deduced from the names of all input fields. The impact is CSRF exploitation risk as described in multiple sources. No exploit...
CVE-2022-43713
Interactive Forms IAF in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed...
CVE-2022-43711
GX Software XperienCentral (versions 10.29.1–10.33.0) is affected by a cross-site scripting (XSS) vulnerability caused by the CSP header using eval() in the script-src directive. The issue is tied to Interactive Forms (IAF) functionality and can be triggered via user interaction with the affected...
CVE-2022-43711
Interactive Forms IAF in GX Software XperienCentral versions 10.29.1 until 10.33.0 was vulnerable to cross site scripting attacks XSS because the CSP header uses eval in the script-src...
CVE-2022-43710
Interactive Forms IAF in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery CSRF because the unique token could be deduced using the names of all input fields...
CakeFuzzer - Automatically And Continuously Discover Vulnerabilities In Web Applications Created Based On Specific Frameworks
Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based on specific frameworks with very limited false positives. Currently it is implemented to support the Cake PHP framework. If you would like to learn more about t...
Practice Your Security Prompting Skills
Gandalf is an interactive LLM game where the goal is to get the chatbot to reveal its password. There are eight levels of difficulty, as the chatbot gets increasingly restrictive instructions as to how it will answer. Its a great teaching tool. I am stuck on Level 7. Feel free to give hints and...