Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Xperiencentral Security Vulnerabilities

cve
cve

CVE-2022-43710

Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery (CSRF) because the unique token could be deduced using the names of all input fields.

8.8CVSS

8.6AI Score

0.001EPSS

2023-07-26 02:15 PM
18
cve
cve

CVE-2022-43711

Interactive Forms (IAF) in GX Software XperienCentral versions 10.29.1 until 10.33.0 was vulnerable to cross site scripting attacks (XSS) because the CSP header uses eval() in the script-src.

6.1CVSS

6AI Score

0.001EPSS

2023-07-26 02:15 PM
16
cve
cve

CVE-2022-43712

POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for uses that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965.

6.5CVSS

8.2AI Score

0.975EPSS

2023-07-26 02:15 PM
48
cve
cve

CVE-2022-43713

Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed.

7.5CVSS

7.4AI Score

0.001EPSS

2023-07-26 02:15 PM
23