CVE-2022-39197 · CISA KEV · EPSS p98.7%

CVE-2022-39197: Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability

Fortra / Cobalt Strike

Description

Fortra Cobalt Strike contains a cross-site scripting (XSS) vulnerability in Teamserver that would allow an attacker to set a malformed username in the Beacon configuration, allowing them to execute code remotely.

Scoring

EPSS: 46.45% probability of exploitation · percentile 98.7% · 2026-06-18T12:00:27Z

CISA KEV entry

Added to KEV: 2023-03-30

(incoming) 1

Type | Target | Confidence | Tier
KEVEntry | Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability (kev-cve-2022-39197) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability
CVE: CVE-2026-35466
CVE: CVE-2026-23702
CVE: CVE-2026-49381
CVE: CVE-2026-49371
CVE: CVE-2026-49375
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.