Published: Jan 31, 2023

CVE-2022-4898

Source: Octopus (www.cve.org)
Tags: octopus server, cross-site scripting, support link, bypassed fix, xss

EPSS: 0.001 (Low), percentile 21.2%

In affected versions of Octopus Server, the help sidebar can be customized to include a cross-site scripting (XSS) payload in the support link. This was initially resolved in advisory 2022-07; however, it was later identified that the fix could be bypassed in certain circumstances. A different approach was taken to prevent the possibility of the support link being susceptible to XSS.
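The advisory text describes a common sequence: a link URL taken from admin-editable configuration, a first fix that filters it, a bypass of that filter, and a second approach that closes the gap. The following is an added example written for this page to illustrate that pattern in general; it is not Octopus Deploy's code, the original fix, or the actual bypass in CVE-2022-4898. The function names, the deny-list, the fallback URL and all sample inputs are assumptions constructed for the example.

```javascript
// Added example, not Octopus Deploy code. Illustrates the general pattern from
// the advisory text: a help/support link URL from admin-editable settings, a
// first fix that string-filters it, inputs that slip past the filter, and a
// second approach (parse + scheme allow-list) that rejects them. Function
// names, the deny-list, the fallback URL and sample inputs are constructed.

const SAFE_FALLBACK = "https://example.invalid/support"; // assumed default link

// Approach 1 (weak): deny-list by string prefix. Only an exact, lowercase
// "javascript:" prefix is rejected.
function sanitizeSupportLinkDenyList(url) {
  const s = String(url);
  if (s.toLowerCase().startsWith("javascript:")) {
    return "#";
  }
  return s;
}

// Approach 2 (hardened): parse with the WHATWG URL parser, which strips
// leading/trailing whitespace and embedded tabs/newlines the same way a
// browser does when resolving an href, then allow only http(s). Any other
// scheme, or anything unparseable, is replaced by a fixed safe default.
function sanitizeSupportLinkAllowList(url, fallback = SAFE_FALLBACK) {
  let parsed;
  try {
    parsed = new URL(String(url));
  } catch (e) {
    return fallback;
  }
  if (parsed.protocol !== "https:" && parsed.protocol !== "http:") {
    return fallback;
  }
  return parsed.href;
}

// Attribute-context escaping so the value cannot terminate the href quotes.
function escapeAttr(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Render the sidebar anchor with the chosen sanitizer.
function renderSupportLink(url, sanitize) {
  return `<a href="${escapeAttr(sanitize(url))}">Support</a>`;
}

// Constructed sample inputs an admin could save into the support-link setting.
const SAMPLE_INPUTS = [
  "https://support.example.com/tickets",       // legitimate
  "javascript:alert(document.domain)",         // rejected by both approaches
  "  javascript:alert(1)",                     // leading spaces: deny-list misses it
  "java\tscript:alert(1)",                     // tab inside scheme: deny-list misses it
  "JaVaScRiPt:alert(1)",                       // mixed case: deny-list catches it
  "data:text/html,<script>alert(1)</script>",  // other scheme: deny-list misses it
];

// Run every input through both approaches and return the comparison rows.
function compareApproaches(inputs = SAMPLE_INPUTS) {
  return inputs.map((url) => ({
    url,
    denyList: sanitizeSupportLinkDenyList(url),
    allowList: sanitizeSupportLinkAllowList(url),
  }));
}

for (const row of compareApproaches()) {
  console.log(JSON.stringify(row));
}
```

The deny-list passes the whitespace, tab and `data:` variants straight through, and a browser still resolves `  javascript:` and `java<TAB>script:` to the `javascript` scheme, so the link executes script on click. The allow-list approach never reasons about the raw string at all: it parses, checks the resulting scheme against a short list, and otherwise falls back, which is the shape of fix that removes the whole class rather than one encoding of it.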

CNA Affected

The entries below are paired as ranges: 2019.7.0 up to (but not including) 2022.2.8552, 2022.3.348 up to (but not including) 2022.3.10750, and 2022.4.791 up to (but not including) 2022.4.8319.

[
  {
    "vendor": "Octopus Deploy",
    "product": "Octopus Server",
    "versions": [
      {
        "version": "2019.7.0",
        "status": "affected",
        "lessThan": "unspecified",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThan": "2022.2.8552",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "2022.3.348",
        "status": "affected",
        "lessThan": "unspecified",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThan": "2022.3.10750",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "2022.4.791",
        "status": "affected",
        "lessThan": "unspecified",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThan": "2022.4.8319",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]
