exploitDog

CVE-2022-43711

Опубликовано: 26 июл. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Interactive Forms (IAF) in GX Software XperienCentral versions 10.29.1 until 10.33.0 was vulnerable to cross site scripting attacks (XSS) because the CSP header uses eval() in the script-src.

Ссылки

https://service.gxsoftware.com
Product
https://service.gxsoftware.com/hc/nl/articles/12208173122461
Vendor Advisory
https://service.gxsoftware.com
Product
https://service.gxsoftware.com/hc/nl/articles/12208173122461
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gxsoftware:xperiencentral:*:*:*:*:*:*:*:*

Версия от 10.29.1 (включая) до 10.33.0 (включая)

EPSS

Процентиль: 50%

0.00271

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-68vv-6jg5-67fm

CVSS3: 6.1

github

больше 2 лет назад

Interactive Forms (IAF) in GX Software XperienCentral versions 10.29.1 until 10.33.0 was vulnerable to cross site scripting attacks (XSS) because the CSP header uses eval() in the script-src.

EPSS

Процентиль: 50%

0.00271

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79