CVE-2022-50787

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x

Description The software contains an unauthenticated stored cross-site scripting issue. An attacker can inject malicious scripts through the username parameter. This allows execution of arbitrary HTML and JavaScript code in a victim’s browser session without requiring authentication.

Recommendations Apply input validation and sanitization to the username parameter to prevent the injection of malicious scripts.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2022-50787

Affected Products

Eco

First

Pulse

Sound4 Impact

CVE-2022-50787

Weakness Enumeration

Related Identifiers

Affected Products

References · 9