Cobalt Strike

cobalt_strike

Vendor: Helpsystems • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-42948 1Helpsystems 1Cobalt Strike Nov 3, 2025 Mar 24, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI.
CVE-2022-39197 1Helpsystems 1Cobalt Strike Nov 3, 2025 Sep 22, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first...Show more An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed).Show less
CVE-2022-23317 1Helpsystems 1Cobalt Strike Nov 21, 2024 Feb 15, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers can obtain relevant information by specifying the URL.
CVE-2021-36798 1Helpsystems 1Cobalt Strike Nov 21, 2024 Aug 9, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the C2 server thread and block beacons' communication with it.