Vulnerability Description
Interactive Forms (IAF) in GX Software XperienCentral versions 10.29.1 until 10.33.0 was vulnerable to cross site scripting attacks (XSS) because the CSP header uses eval() in the script-src.
CVSS Score
6.1
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gxsoftware | Xperiencentral | >= 10.29.1, <= 10.33.0 |
Related Weaknesses (CWE)
References
- https://service.gxsoftware.comProduct
- https://service.gxsoftware.com/hc/nl/articles/12208173122461Vendor Advisory
- https://service.gxsoftware.comProduct
- https://service.gxsoftware.com/hc/nl/articles/12208173122461Vendor Advisory
FAQ
What is CVE-2022-43711?
CVE-2022-43711 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Interactive Forms (IAF) in GX Software XperienCentral versions 10.29.1 until 10.33.0 was vulnerable to cross site scripting attacks (XSS) because the CSP header uses eval() in the script-src.
How severe is CVE-2022-43711?
CVE-2022-43711 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-43711?
Check the references section above for vendor advisories and patch information. Affected products include: Gxsoftware Xperiencentral.