CVE-2022-43710

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in GX Software XperienCentral's Interactive Forms allows attackers to trick authenticated users into performing unintended actions by deducing the unique token from input field names. It affects all users of XperienCentral versions 10.31.0 through 10.33.0 who use the Interactive Forms feature.

💻 Affected Systems

Products:
  • GX Software XperienCentral
Versions: 10.31.0 until 10.33.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Interactive Forms (IAF) feature enabled and in use.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could perform administrative actions, modify content, change user permissions, or steal sensitive data through forged requests executed by authenticated users.

🟠 Likely Case

Attackers trick users into submitting malicious form data, potentially modifying website content or user information without their knowledge.

🟢 If Mitigated

With proper CSRF protections and user awareness, impact is limited to unsuccessful attack attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the attacker to craft malicious forms and trick authenticated users into submitting them.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.33.0 and later

Vendor Advisory: https://service.gxsoftware.com/hc/nl/articles/12208173122461

Restart Required: Yes

Instructions:

1. Upgrade to XperienCentral version 10.33.0 or later.
2. Restart the application server.
3. Verify the fix by testing form submissions.

🔧 Temporary Workarounds

Implement Additional CSRF Protection

Applies to: all

Add custom CSRF tokens or implement referer checking at the web application firewall or proxy level.

🧯 If You Can't Patch

  • Disable Interactive Forms feature if not required
  • Implement strict referer checking and form validation at network perimeter

🔍 How to Verify

Check if Vulnerable:

Check the XperienCentral version in the admin panel. If the version is between 10.31.0 and 10.33.0 and Interactive Forms are enabled, the system is vulnerable.

Check Version:

Check XperienCentral admin dashboard or application.properties file for version information.

Verify Fix Applied:

After patching, test form submissions with invalid tokens to ensure they are rejected.
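The workaround above (custom CSRF tokens plus referer checking in front of the application) and this verification step (submissions with invalid tokens must be rejected) can both be exercised with the small token issuer/validator below. This is an added example, not XperienCentral code or anything from the vendor advisory; the hidden field name `_csrf`, the hostnames and the event names are assumptions. The token is random per session and is never derived from form field names or any other value a visitor can observe, which is the property the vulnerable versions lacked.

```python
import hmac
import secrets

# Assumed hidden-field name carrying the token (not from the page).
TOKEN_FIELD = "_csrf"


def issue_token(session: dict) -> str:
    """Create a fresh unpredictable token and bind it to the user's session."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def validate_submission(session: dict, form: dict, headers: dict,
                        allowed_origin: str) -> tuple:
    """Return (accepted, reason) for a form POST.

    Rejects missing or mismatched tokens, then applies an Origin/Referer
    check as the proxy-level defence in depth the workaround describes.
    """
    expected = session.get("csrf_token")
    supplied = form.get(TOKEN_FIELD)
    if not expected or not supplied:
        return False, "csrf_token_missing"
    # Constant-time comparison so the check itself leaks nothing about the token.
    if not hmac.compare_digest(expected, supplied):
        return False, "csrf_token_mismatch"
    origin = headers.get("Origin") or headers.get("Referer", "")
    if not origin.startswith(allowed_origin):
        return False, "bad_origin"
    return True, "ok"


def demo() -> dict:
    """Simulate the verification step: a valid token, a forged token built
    from observable field names, a missing token, and a cross-site request."""
    site = "https://cms.example.invalid"  # placeholder site origin
    session = {}
    token = issue_token(session)
    same_site = {"Origin": site}
    return {
        "valid": validate_submission(
            session, {TOKEN_FIELD: token, "name": "x"}, same_site, site),
        "forged": validate_submission(
            session, {TOKEN_FIELD: "name_email_message"}, same_site, site),
        "missing": validate_submission(
            session, {"name": "x"}, same_site, site),
        "cross_site": validate_submission(
            session, {TOKEN_FIELD: token}, {"Origin": "https://other.invalid"}, site),
    }


if __name__ == "__main__":
    for case, (accepted, reason) in demo().items():
        print(f"{case:10s} accepted={accepted} reason={reason}")
```

Only the request that carries the session-bound token from a same-site origin is accepted; every forged or tokenless submission produces a rejection reason that can be logged, which is also what the detection guidance below keys on. Note that the origin check rejects requests with neither an Origin nor a Referer header, so if legitimate clients strip Referer, rely on the token check alone rather than loosening it.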

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed form submissions with invalid tokens
  • Unusual form submissions from unexpected sources

Network Indicators:

  • HTTP POST requests to form endpoints without proper referer headers
  • Suspicious form-submission patterns

SIEM Query:

source="xperiencentral" AND (event="form_submission_failed" OR event="csrf_token_mismatch")
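The same log indicators can be checked offline when no SIEM is available. The script below is an added example rather than anything from the vendor; the log line format and field names (`event=`, `src=`, `form=`, `referer=`) are constructed here because the page does not give XperienCentral's real log layout, and the sample lines are made up. It groups the two failure events from the SIEM query by source address and reports sources that exceed a threshold, together with any referers that do not belong to the site.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines in an assumed key=value format.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z event=form_submission_ok src=203.0.113.10 form=contact referer=https://cms.example.invalid/contact
2024-01-01T10:00:05Z event=csrf_token_mismatch src=198.51.100.7 form=contact referer=https://other.invalid/page
2024-01-01T10:00:06Z event=csrf_token_mismatch src=198.51.100.7 form=contact referer=https://other.invalid/page
2024-01-01T10:00:09Z event=form_submission_failed src=198.51.100.7 form=contact referer=-
2024-01-01T10:00:12Z event=form_submission_ok src=203.0.113.11 form=newsletter referer=https://cms.example.invalid/news
2024-01-01T10:00:20Z event=csrf_token_mismatch src=203.0.113.12 form=contact referer=https://cms.example.invalid/contact
"""

LINE_RE = re.compile(r"event=(\S+) src=(\S+) form=(\S+) referer=(\S+)")
# The two event names used in the SIEM query above.
SUSPECT_EVENTS = {"form_submission_failed", "csrf_token_mismatch"}


def parse(log_text: str) -> list:
    """Turn log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append({"event": m[1], "src": m[2], "form": m[3], "referer": m[4]})
    return events


def find_suspects(events: list, site_origin: str, threshold: int = 2) -> dict:
    """Sources with at least `threshold` failed/mismatched submissions,
    plus any referers on those failures that are not the site itself."""
    failures = Counter()
    foreign = defaultdict(set)
    for e in events:
        if e["event"] not in SUSPECT_EVENTS:
            continue
        failures[e["src"]] += 1
        if not e["referer"].startswith(site_origin):
            foreign[e["src"]].add(e["referer"])
    return {
        src: {"failures": n, "foreign_referers": sorted(foreign[src])}
        for src, n in failures.items()
        if n >= threshold
    }


if __name__ == "__main__":
    for src, info in find_suspects(parse(SAMPLE_LOG), "https://cms.example.invalid").items():
        print(src, info)
```

On the sample data one source crosses the threshold with three failures and two non-site referers (one of them absent, logged as `-`), while a single mismatch from an on-site referer stays below it; a lone mismatch is as likely to be an expired session as an attack, which is why the threshold and the referer context are reported together.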

🔗 References
