CVE-2022-50925
8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specific WebSocket messages.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Prowise | Prowise Reflect | V1.0.9 | affected |
Weaknesses
- CWE-346: Origin Validation Error
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
Additional References
References
- https://www.exploit-db.com/exploits/50796
- https://www.prowise.com/
- https://www.vulncheck.com/advisories/prowise-reflect-remote-keystroke-injection
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.