PT-2023-14299 · Gx · Xperiencentral
Published 2023-07-26 · Updated 2023-08-04 · CVE-2022-43711 · CVSS v3.1 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
GX Software XperienCentral versions 10.29.1 through 10.33.0
Description
The issue allows for cross-site scripting (XSS) attacks because the Content Security Policy (CSP) header permits eval() in its script-src directive; the affected policy is associated with Interactive Forms (IAF) in the software.
Recommendations
For GX Software XperienCentral versions 10.29.1 through 10.33.0, consider updating the CSP header so that eval() is no longer permitted in the script-src directive, to prevent XSS attacks. As a temporary workaround, consider restricting access to Interactive Forms (IAF) until a patch is available.
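The following is an added example, not code from the advisory or from GX Software: a small checker that parses a Content-Security-Policy header and reports whether the policy still permits eval() for scripts (the `'unsafe-eval'` source expression in script-src, or in default-src when script-src is absent). The two header strings are constructed for illustration and do not reproduce XperienCentral's actual header; they contrast the weak setting the advisory describes with a hardened one.

```python
"""Check whether a Content-Security-Policy header permits eval() in scripts.

Added example for the advisory above; the sample headers are constructed
and do not reproduce the product's real policy.
"""
from typing import Dict, List, Optional


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive-name: [source expressions]}.

    Directives are separated by ';' and tokens by whitespace; directive
    names are case-insensitive. A repeated directive is ignored (the first
    occurrence wins), matching how browsers enforce CSP.
    """
    policy: Dict[str, List[str]] = {}
    for directive in header.split(";"):
        tokens = directive.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        policy.setdefault(name, tokens[1:])
    return policy


def effective_script_sources(policy: Dict[str, List[str]]) -> Optional[List[str]]:
    """Return the source list that governs eval().

    script-src applies first; default-src is the fallback when script-src is
    missing. None means neither directive exists, so scripts are unrestricted.
    """
    if "script-src" in policy:
        return policy["script-src"]
    if "default-src" in policy:
        return policy["default-src"]
    return None


def permits_eval(header: str) -> bool:
    """True when the policy allows eval(), new Function() and string timers.

    Only 'unsafe-eval' enables JavaScript eval; 'wasm-unsafe-eval' covers
    WebAssembly compilation only and is deliberately not treated as a hit.
    """
    sources = effective_script_sources(parse_csp(header))
    if sources is None:
        return True  # no script restriction at all
    return "'unsafe-eval'" in (s.lower() for s in sources)


def csp_findings(header: str) -> List[str]:
    """Collect human-readable findings for a policy; empty list means clean."""
    findings = []
    if permits_eval(header):
        findings.append("script-src (or its default-src fallback) permits eval()")
    policy = parse_csp(header)
    if "script-src" not in policy and "default-src" not in policy:
        findings.append("no script-src or default-src directive present")
    return findings


# Constructed sample policies: the weak form the advisory describes, and a
# hardened form that drops 'unsafe-eval' and relies on a nonce instead.
WEAK_CSP = "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'none'"
HARDENED_CSP = "default-src 'self'; script-src 'self' 'nonce-CONSTRUCTED-EXAMPLE'; object-src 'none'"

if __name__ == "__main__":
    for label, header in (("weak", WEAK_CSP), ("hardened", HARDENED_CSP)):
        print(f"{label}: {csp_findings(header) or ['ok']}")
```

Run the file directly to see both policies evaluated; in practice you would feed it the `Content-Security-Policy` response header fetched from the pages that serve Interactive Forms, and re-run it after the header is updated to confirm `'unsafe-eval'` is gone.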
Fix
XSS
Affected Products
Xperiencentral