CVE-2022-50787

medium

Description

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains an unauthenticated stored cross-site scripting vulnerability in the username parameter that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated username input to execute arbitrary HTML and JavaScript code in victim browser sessions without authentication.

References

https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-unauthenticated-stored-cross-site-scripting

https://exchange.xforce.ibmcloud.com/vulnerabilities/247920

https://packetstormsecurity.com/files/170258/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-Persistent-Cross-Site-Scripting.html

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5731.php

https://www.sound4.com/

Details

Source: Mitre, NVD

Published: 2025-12-30

Updated: 2026-01-13

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.2

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Severity: High

CVSS v4

Base Score: 5.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Severity: Medium

EPSS

EPSS: 0.00046