VYPR
Unrated severityNVD Advisory· Published Jan 13, 2026· Updated Apr 7, 2026

Prowise Reflect v1.0.9 - Remote Keystroke Injection

CVE-2022-50925

Description

Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specific WebSocket messages.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Prowise/Reflectllm-create2 versions
    = 1.0.9+ 1 more
    • (no CPE)range: = 1.0.9
    • (no CPE)range: V1.0.9

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.