gxsoftware 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk cross-site scripting、vendor risk csrf, and vendor risk input validation に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で vendor impact session compromise and vendor impact unexpected behavior などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2022-43713 | Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed. | [email protected] | 7.5 | 0.43% | 2023-07-26 | 2024-11-21 |
| CVE-2022-43712 | POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for uses that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965. | [email protected] | 6.5 | 0.39% | 2023-07-26 | 2024-11-21 |
| CVE-2022-43711 | Interactive Forms (IAF) in GX Software XperienCentral versions 10.29.1 until 10.33.0 was vulnerable to cross site scripting attacks (XSS) because the CSP header uses eval() in the script-src. | [email protected] | 6.1 | 0.27% | 2023-07-26 | 2024-11-21 |
| CVE-2022-43710 | Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery (CSRF) because the unique token could be deduced using the names of all input fields. | [email protected] | 8.8 | 0.18% | 2023-07-26 | 2024-11-21 |