CVE-2022-50925

CRITICAL 9.8

Prowise Reflect v1.0.9 - Remote Keystroke Injection

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specific WebSocket messages.

CWE	CWE-346
Vendor	prowise
Product	prowise reflect
Published	Jan 13, 2026
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for prowise prowise reflect

Be the first to know when new critical vulnerabilities affecting prowise prowise reflect are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Prowise / Prowise Reflect

V1.0.9

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/50796 prowise.com: https://www.prowise.com/ vulncheck.com: https://www.vulncheck.com/advisories/prowise-reflect-remote-keystroke-injection

Credits

Rik Lutz