{"uuid": "1d139dc9-4587-4b79-aeb8-9f4c9e40aadd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-39197", "type": "published-proof-of-concept", "source": "https://t.me/Cobalt_Strike_info/323", "content": "Cobalt Strike - XSS Exploit Explained CVE-2022-39197 is a simple XSS vulnerability, but it's possible to get RCE from this because you can define an account username in the Beacon configuration.\nThis exploit targets the client a user uses to connect to a C2 server, displaying all infected systems to the user. It is a cross-site scripting attack written in Java whose payload contains HTML tags.", "creation_timestamp": "2022-10-22T02:11:56.000000Z"}