CVE-2023-53961
Published: Dec 22, 2025
Modified: Jan 16, 2026
CVSS v3.1
4.3
Description
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages that submit HTTP requests to the radio processing interface, triggering unintended administrative operations when a logged-in user visits the page.
| Vendor | Product | Versions |
|---|---|---|
SOUND4 Ltd. | Impact/Pulse/First | affected Version 2: 1.1/2.15 |
SOUND4 Ltd. | Impact/Pulse Eco | affected 1.16 |
SOUND4 Ltd. | BigVoice4 | affected 1.2 |
SOUND4 Ltd. | BigVoice2 | affected 1.30 |
SOUND4 Ltd. | Stream | affected 1.1/2.4.29 |
Kantar Media | WM2 | affected 1.11 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now