CVE-2022-39197

Fortra Cobalt Strike contains a cross-site scripting (XSS) vulnerability in Teamserver that would allow an attacker to set a malformed username in the Beacon configuration, allowing them to execute code remotely. Vendor/Product: Fortra Cobalt Strike. Added to CISA KEV 2023-03-30; required action: Apply updates per vendor instructions.