CVE-2022-50787

7.2 HIGH

📋 TL;DR

CVE-2022-50787 is an unauthenticated stored cross-site scripting vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco software versions 2.x. Attackers can inject malicious scripts via the username parameter without authenticating, and the stored script then executes in victims' browsers. Organizations using affected SOUND4 products are vulnerable to session hijacking and client-side attacks.

💻 Affected Systems

Products:
  • SOUND4 IMPACT
  • SOUND4 FIRST
  • SOUND4 PULSE
  • SOUND4 Eco
Versions: 2.x
Operating Systems: Not OS-specific - affects the application itself
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with default configurations are vulnerable. The vulnerability exists in the web interface component.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers steal administrator credentials, take full control of the system, pivot to internal networks, and deploy ransomware or exfiltrate sensitive data.

🟠 Likely Case

Session hijacking leading to unauthorized access, data theft, or defacement of the application interface.

🟢 If Mitigated

Limited impact with proper input validation, output encoding, and web application firewalls blocking malicious payloads.

🌐 Internet-Facing: HIGH - Unauthenticated exploitation allows remote attackers to target any internet-facing instance without credentials.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this, but exploitation requires some network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires minimal technical skill - attackers can use publicly available proof-of-concept scripts. The stored XSS persists across sessions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified by vendor

Vendor Advisory: https://www.sound4.com/

Restart Required: No

Instructions:

1. Check vendor website for security updates
2. Apply any available patches
3. Validate fix by testing username parameter injection

🔧 Temporary Workarounds

Web Application Firewall (WAF)

all

Deploy WAF rules to block XSS payloads in username parameter

# Example ModSecurity rule:
SecRule ARGS:username "@detectXSS" "id:1001,phase:2,deny,status:403"

Input Validation Filter

all

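Implement server-side filtering to sanitize username input, and encode the value whenever it is written into HTML output

# Example PHP (encodes the value for safe use in HTML output; a missing field becomes an empty string):
$username = htmlspecialchars($_POST['username'] ?? '', ENT_QUOTES, 'UTF-8');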

🧯 If You Can't Patch

  • Isolate affected systems behind network segmentation to limit attack surface
  • Implement a strict Content Security Policy (CSP) header to mitigate script execution

🔍 How to Verify

Check if Vulnerable:

Test by submitting a username with an XSS payload such as <script>alert('test')</script> and check whether it persists

Check Version:

Check application interface or configuration files for version information

Verify Fix Applied:

Attempt the same XSS payload and verify it's properly sanitized or blocked

📡 Detection & Monitoring

Log Indicators:

  • Unusual username entries containing script tags or JavaScript code
  • Multiple failed login attempts with malicious usernames

Network Indicators:

  • HTTP requests with script tags in username parameter
  • Unusual outbound connections from application server

SIEM Query:

source="web_logs" AND (username="*<script>*" OR username="*javascript:*")
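
The wildcard query above only matches the literal strings, so a username that reaches the log URL-encoded would not trigger it. The following Python sketch is an added example, not vendor or original-page code: it decodes the username field before matching. The log format, the /example-login path and all sample lines are constructed assumptions.

```python
import html
import re
from urllib.parse import unquote_plus

# Assumption: the logged request carries the value as username=<value>.
USERNAME_RE = re.compile(r'[?&\s]username=([^&\s"]*)', re.IGNORECASE)
# Same two indicators as the SIEM query: script tags and javascript: URIs.
SUSPICIOUS = re.compile(r"<\s*script|javascript\s*:", re.IGNORECASE)

def normalize(value, rounds=3):
    """Undo up to `rounds` layers of URL encoding, then HTML entities."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return html.unescape(value)

def suspicious_usernames(lines):
    """Return (line_number, decoded_username) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = USERNAME_RE.search(line)
        if match:
            username = normalize(match.group(1))
            if SUSPICIOUS.search(username):
                hits.append((number, username))
    return hits

# Constructed sample access-log lines (documentation IP ranges, placeholder path).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2023:10:00:00 +0000] "GET /example-login?username=alice&x=1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2023:10:00:05 +0000] "GET /example-login?username=%3Cscript%3Ealert(%27test%27)%3C/script%3E HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2023:10:00:09 +0000] "GET /example-login?username=%253Cscript%253Ealert(%2527test%2527)%253C/script%253E HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2023:10:00:12 +0000] "GET /example-login?username=JavaScript%3Avoid(0) HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2023:10:00:15 +0000] "GET /example-login?username=jason.smith HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, username in suspicious_usernames(SAMPLE_LOG):
        print(f"line {number}: suspicious username {username!r}")
```

None of the constructed lines contains a literal `<script>`, so the literal wildcard match would miss lines 2 and 3 while the decoded match flags them.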
