CVE-2022-50787 MEDIUM

CVE-2022-50787: SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Stored Cross-Site Scripting

Vendor Sound4 Ltd.
Product Impact/Pulse/First
Weakness CWE-79 · XSS
Published December 30, 2025
Last update January 2, 2026
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains an unauthenticated stored cross-site scripting vulnerability in the username parameter that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated username input to execute arbitrary HTML and JavaScript code in victim browser sessions without authentication.

Key dates

02Disclosure timeline

December 30, 2025 CVE published
January 2, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-1469 Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager CVE-2023-50827 WordPress Accredible Certificates & Open Badges Plugin <= 1.4.8 is vulnerable to Cross Site Scripting (XSS) CVE-2024-53843 Reflected XSS Vulnerability in Authentication Flow URL Handling in @dapperduckling/keycloak-connector-server CVE-2022-31097 Stored XSS in Grafana's Unified Alerting CVE-2023-45772 WordPress Proofreading Plugin <= 1.0.11 is vulnerable to Cross Site Scripting (XSS)