CVE-2022-39197

Name of the Vulnerable Software and Affected Versions HelpSystems Cobalt Strike versions through 4.7

Description A Cross Site Scripting (XSS) issue was found that allows a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit this issue, an attacker must first inspect a Cobalt Strike payload, then modify the username field in the payload to be malformed.

Recommendations For versions through 4.7, as a temporary workaround, consider restricting access to the teamserver to minimize the risk of exploitation. Avoid using the username field in the affected payload until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.