CVE-2022-43710

{"id": "CVE-2022-43710", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-07-26T14:15:09.767", "references": [{"url": "https://service.gxsoftware.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://service.gxsoftware.com/hc/nl/articles/12208173122461", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery (CSRF) because the unique token could be deduced using the names of all input fields."}], "lastModified": "2023-08-04T16:05:41.757", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gxsoftware:xperiencentral:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58F3521E-8CE1-49F8-A78D-BECAAC6D2735", "versionEndIncluding": "10.33.0", "versionStartIncluding": "10.31.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}