CVE-2022-50925

{"id": "CVE-2022-50925", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2022-50925", "role": "CISA Coordinator", "options": [{"exploitation": "poc"}, {"automatable": "no"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2026-01-14T15:50:21.662128Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "disclosure@vulncheck.com", "affectedData": [{"vendor": "Prowise", "product": "Prowise Reflect", "versions": [{"status": "affected", "version": "V1.0.9"}]}]}], "published": "2026-01-13T23:15:56.687", "references": [{"url": "https://www.exploit-db.com/exploits/50796", "tags": ["Exploit"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.prowise.com/", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/prowise-reflect-remote-keystroke-injection", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/50796", "tags": ["Exploit"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-346"}]}], "descriptions": [{"lang": "en", "value": "Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specific WebSocket messages."}, {"lang": "es", "value": "Prowise Reflect versi\u00f3n 1.0.9 contiene una vulnerabilidad de inyecci\u00f3n remota de pulsaciones de teclas que permite a los atacantes enviar eventos de teclado a trav\u00e9s de un WebSocket expuesto en el puerto 8082. Los atacantes pueden crear p\u00e1ginas web maliciosas para inyectar pulsaciones de teclas, abriendo aplicaciones y escribiendo texto arbitrario enviando mensajes WebSocket espec\u00edficos."}], "lastModified": "2026-06-17T05:24:26.053", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:prowise:reflect:1.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4941A2DE-0389-48CF-BB53-71145B6CD93A"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}