CVE-2022-50925

CRITICAL

Prowise Reflect <1.0.9 - Code Injection

Title source: llm

Description

Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specific WebSocket messages.

Exploits (1)

exploitdb WORKING POC

by Rik Lutz · htmlremotewindows

https://www.exploit-db.com/exploits/50796

View Code ZIP pw:eip

References (3)

[Exploit] https://www.exploit-db.com/exploits/50796

[Product] https://www.prowise.com/

[Third Party Advisory] https://www.vulncheck.com/advisories/prowise-reflect-remote-keystroke-injection

Scores

CVSS v3 9.8

EPSS 0.0003

EPSS Percentile 7.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-346

Status published

Affected Products (1)

prowise/reflect

Timeline

Published Jan 13, 2026

Tracked Since Feb 18, 2026