7.2
CVE-2022-50787
- EPSS 0.31%
- Veröffentlicht 30.12.2025 22:41:35
- Zuletzt bearbeitet 13.01.2026 15:12:24
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
LoginSOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains an unauthenticated stored cross-site scripting vulnerability in the username parameter that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated username input to execute arbitrary HTML and JavaScript code in victim browser sessions without authentication.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sound4 ≫ Impact Firmware Version2.15
Sound4 ≫ Impact Firmware Version1.69
Sound4 ≫ Pulse Firmware Version2.15
Sound4 ≫ Pulse Firmware Version1.69
Sound4 ≫ First Firmware Version2.15
Sound4 ≫ First Firmware Version1.69
Sound4 ≫ Impact Eco Firmware Version1.16
Sound4 ≫ Pulse Eco Firmware Version1.16
Sound4 ≫ Big Voice4 Firmware Version1.2
Sound4 ≫ Big Voice2 Firmware Version1.30
Sound4 ≫ Wm2 Firmware Version1.11
Sound4 ≫ Stream Extension Version2.4.29
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.536 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosure@vulncheck.com | 7.2 | 3.9 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
| disclosure@vulncheck.com | 5.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.