ГлавнаяУязвимости → CVE-2022-50925
9.8критическая

CVE-2022-50925

Описание

Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specific WebSocket messages.

Затрагиваемое ПО
Prowise Reflect
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.exploit-db.com/exploits/50796https://www.prowise.com/https://www.vulncheck.com/advisories/prowise-reflect-remote-keystroke-injectionhttps://www.exploit-db.com/exploits/50796