exploitDog

CVE-2022-50925

Опубликовано: 13 янв. 2026

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specific WebSocket messages.

Ссылки

https://www.exploit-db.com/exploits/50796
Exploit
https://www.prowise.com/
Product
https://www.vulncheck.com/advisories/prowise-reflect-remote-keystroke-injection
Third Party Advisory
https://www.exploit-db.com/exploits/50796
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:prowise:reflect:1.0.9:*:*:*:*:*:*:*

EPSS

Процентиль: 5%

0.00023

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-346

Связанные уязвимости

GHSA-cj53-rx7h-6vm4

CVSS3: 9.8

github

25 дней назад

Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specific WebSocket messages.

EPSS

Процентиль: 5%

0.00023

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-346