Vulnerabilities > Gxsoftware > Xperiencentral > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-26 | CVE-2022-43711 | Cross-site Scripting vulnerability in Gxsoftware Xperiencentral Interactive Forms (IAF) in GX Software XperienCentral versions 10.29.1 until 10.33.0 was vulnerable to cross site scripting attacks (XSS) because the CSP header uses eval() in the script-src. | 6.1 |
| 2023-07-26 | CVE-2022-43712 | Missing Authorization vulnerability in Gxsoftware Xperiencentral POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for uses that are not logged in. | 6.5 |