CVE-2022-42948
- EPSS 19.51%
- Veröffentlicht 24.03.2023 14:15:09
- Zuletzt bearbeitet 03.11.2025 16:20:40
Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI.
CVE-2022-39197
- EPSS 20.16%
- Veröffentlicht 22.09.2022 01:15:11
- Zuletzt bearbeitet 03.11.2025 18:13:55
An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payloa...
CVE-2022-23317
- EPSS 0.29%
- Veröffentlicht 15.02.2022 13:15:07
- Zuletzt bearbeitet 21.11.2024 06:48:23
CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers can obtain relevant information by specifying the URL.
CVE-2021-36798
- EPSS 27.68%
- Veröffentlicht 09.08.2021 13:15:07
- Zuletzt bearbeitet 21.11.2024 06:14:07
A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the C2 server thread and block beacons' communication with it.