Security Advisory

CVE-2022-42948

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-03-24 00:00:00

Last updated 2025-10-21 23:15:21

Assigner mitre

State PUBLISHED

Description

Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI.

← Browse all CVEs View on cve.org ↗