← Volver a CVEs
CVE-2022-50787
HIGH7.2
Descripcion
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains an unauthenticated stored cross-site scripting vulnerability in the username parameter that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated username input to execute arbitrary HTML and JavaScript code in victim browser sessions without authentication.
Detalles CVE
Puntuacion CVSS v3.17.2
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado12/30/2025
Ultima modificacion1/13/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
sound4:big_voice2sound4:big_voice2_firmwaresound4:big_voice4sound4:big_voice4_firmwaresound4:firstsound4:first_firmwaresound4:impactsound4:impact_ecosound4:impact_eco_firmwaresound4:impact_firmwaresound4:pulsesound4:pulse_ecosound4:pulse_eco_firmwaresound4:pulse_firmwaresound4:stream_extensionsound4:wm2sound4:wm2_firmware
Debilidades (CWE)
CWE-79
Referencias
https://exchange.xforce.ibmcloud.com/vulnerabilities/247920(disclosure@vulncheck.com)
https://packetstormsecurity.com/files/170258/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-Persistent-Cross-Site-Scripting.html(disclosure@vulncheck.com)
https://www.sound4.com/(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-unauthenticated-stored-cross-site-scripting(disclosure@vulncheck.com)
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5731.php(disclosure@vulncheck.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.