EUVD-2024-44564

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Vulnerable Octopus Server allows Cross-Site Scripting on the audit page for certain access levels.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2024-4456	16 Jan 202506:55	–	circl
CNNVD	Octopus Server 安全漏洞	8 May 202400:00	–	cnnvd
CVE	CVE-2024-4456	8 May 202400:46	–	cve
Cvelist	CVE-2024-4456	8 May 202400:46	–	cvelist
NVD	CVE-2024-4456	8 May 202401:15	–	nvd
OSV	CVE-2024-4456	8 May 202401:15	–	osv
Positive Technologies	PT-2024-31182 · Unknown · Octopus Server	8 May 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-4456	23 May 202507:56	–	redhatcve
Vulnrichment	CVE-2024-4456	8 May 202400:46	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "e28e009f-a8a4-3ee2-9935-cdcc0ebd626a",
        "vendor": {
          "name": "Octopus Deploy"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "22cd3d9f-4fc4-3ba5-98e9-db65126ee172",
        "product": {
          "name": "Octopus Server"
        },
        "product_version": "2023.4.296 <2023.4.8338"
      },
      {
        "id": "72375f3a-d597-3b81-99d5-3b8be4cf635c",
        "product": {
          "name": "Octopus Server"
        },
        "product_version": "3.0 <2023.3.13361"
      },
      {
        "id": "9692377a-baa2-3304-be29-33f893dd8d82",
        "product": {
          "name": "Octopus Server"
        },
        "product_version": "2024.1.437 <2024.1.11127"
      }
    ]
  }
]

Source	Link
advisories	www.advisories.octopus.com/post/2024/sa2024-04/

03 Oct 2025 20:07Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.14.1 - 5.4

EPSS0.00256

SSVC