CVE-2022-39197 - Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability

Fortra | Cobalt Strike

• Date Added:
• 2023-03-30

• Due Date:
• 2023-04-20

Vulnerability Name

Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability

Description

Fortra Cobalt Strike contains a cross-site scripting (XSS) vulnerability in Teamserver that would allow an attacker to set a malformed username in the Beacon configuration, allowing them to execute code remotely.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-1/; https://nvd.nist.gov/vuln/detail/CVE-2022-39197

Top Security News

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411)

Garmin GPS watches crashing, stuck in triangle 'reboot loop'

Microsoft fixes exploited zero-day (CVE-2024-49138)

DeepSeek Jailbreak Reveals Its Entire System Prompt

Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft

Windows Server 2025 released—here are the new features

Engineering giant Smiths Group discloses security breach

Lightning AI Studio Vulnerability Could've Allowed RCE via Hidden URL Parameter

Common Alerts

InformationalObsolete Content Security Policy (CSP) Header Found

InformationalUser Agent Fuzzer

HighSpring4Shell

MediumMultiple X-Frame-Options Header Entries

LowDangerous JS Functions

MediumApplication Error Disclosure

LowStrict-Transport-Security Defined via META (Non-compliant with Spec)

HighOpen Redirect

InformationalUser Controllable HTML Element Attribute (Potential XSS)

MediumFile Upload

Latest CVE List

CVE-2024-45195 Apache OFBiz Forced Browsing Vulnerability

CVE-2024-29059 Microsoft .NET Framework Information Disclosure Vulnerability

CVE-2018-9276 Paessler PRTG Network Monitor OS Command Injection Vulnerability

CVE-2018-19410 Paessler PRTG Network Monitor Local File Inclusion Vulnerability

CVE-2025-24085 Apple Multiple Products Use-After-Free Vulnerability

CVE-2025-23006 SonicWall SMA1000 Appliances Deserialization Vulnerability

CVE-2020-11023 JQuery Cross-Site Scripting (XSS) Vulnerability

CVE-2024-50603 Aviatrix Controllers OS Command Injection Vulnerability

CVE-2024-55591 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

CVE-2025-21333 Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability

Common CWEs

CWE-829 Inclusion of Functionality from Untrusted Control Sphere

CWE-456 Missing Initialization of a Variable

CWE-611 Improper Restriction of XML External Entity Reference

HighCWE-321 Use of Hard-coded Cryptographic Key

CWE-317 Cleartext Storage of Sensitive Information in GUI

CWE-241 Improper Handling of Unexpected Data Type

CWE-337 Predictable Seed in Pseudo-Random Number Generator (PRNG)

CWE-177 Improper Handling of URL Encoding (Hex Encoding)

CWE-1023 Incomplete Comparison with Missing Factors

CWE-437 Incomplete Model of Endpoint Features