VYPR
Unrated severityCISA KEVNVD Advisory· Published Mar 24, 2023· Updated Oct 21, 2025

CVE-2022-42948

CVE-2022-42948

Description

Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.