CVE-2022-39197
Basic Information
- CVE State: PUBLISHED
- Reserved Date: September 02, 2022
- Published Date: September 22, 2022
- Last Updated: January 28, 2025
- Vendor: n/a
- Product: n/a
- Description: An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed).
CVSS Scores
CVSS v3.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
SSVC Information
- Exploitation: active
- Technical Impact: partial
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2023-03-30 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
adeljck/CVE-2022-39197
Type: github • Created: 2022-11-24 17:22:10 UTC • Stars: 2
TheCryingGame/CVE-2022-39197-RCE
Type: github • Created: 2022-10-22 10:11:37 UTC • Stars: 13
its-arun/CVE-2022-39197
Type: github • Created: 2022-10-14 11:46:01 UTC • Stars: 382
4nth0ny1130/CVE-2022-39197-fix_patch
Type: github • Created: 2022-10-09 04:06:23 UTC • Stars: 7
burpheart/CVE-2022-39197-patch
Type: github • Created: 2022-09-26 08:58:21 UTC • Stars: 315
xzajyjs/CVE-2022-39197-POC
Type: github • Created: 2022-09-23 08:20:07 UTC • Stars: 48
safe3s/CVE-2022-39197
Type: github • Created: 2022-09-21 06:22:10 UTC • Stars: 3