cbcvebase.
CVE-2022-4898
published 2023-01-31

CVE-2022-4898: In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially…

PriorityP424medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.39%
30.7th percentile
In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07 however it was identified that the fix could be bypassed in certain circumstances. A different approach was taken to prevent the possibility of the support link being susceptible to XSS

Affected

9 ranges
VendorProductVersion rangeFixed in
octopusoctopus_server>= 2019.7.0 < 2022.2.85522022.2.8552
octopusoctopus_server>= 2022.3.348 < 2022.3.107502022.3.10750
octopusoctopus_server>= 2022.4.791 < 2022.4.83192022.4.8319
octopus_deployoctopus_server>= 2019.7.0 < unspecifiedunspecified
octopus_deployoctopus_server>= 2022.3.348 < unspecifiedunspecified
octopus_deployoctopus_server>= 2022.4.791 < unspecifiedunspecified
octopus_deployoctopus_server>= unspecified < 2022.2.85522022.2.8552
octopus_deployoctopus_server>= unspecified < 2022.3.107502022.3.10750
octopus_deployoctopus_server>= unspecified < 2022.4.83192022.4.8319
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.