Threat Advisories - NVD Disclosed September 22, 2022

CVE-2022-39197

Cobalt Strike Cross-Site Scripting Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A Cross-Site Scripting vulnerability in Cobalt Strike allows remote attackers to execute HTML. This impacts organizations using Cobalt Strike, as attackers can manipulate payload usernames to achieve code execution, posing a business risk to data and systems.

NVD published: September 22, 2022 • CISA KEV