CVE-2022-43710

{"id": "CVE-2022-43710", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-07-26T14:15:09.767", "references": [{"url": "https://service.gxsoftware.com", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://service.gxsoftware.com/hc/nl/articles/12208173122461", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://service.gxsoftware.com", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://service.gxsoftware.com/hc/nl/articles/12208173122461", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery (CSRF) because the unique token could be deduced using the names of all input fields."}], "lastModified": "2024-11-21T07:27:06.440", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gxsoftware:xperiencentral:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58F3521E-8CE1-49F8-A78D-BECAAC6D2735", "versionEndIncluding": "10.33.0", "versionStartIncluding": "10.31.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}