exploitDog

CVE-2022-4898

Опубликовано: 31 янв. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07 however it was identified that the fix could be bypassed in certain circumstances. A different approach was taken to prevent the possibility of the support link being susceptible to XSS

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*

Версия от 2019.7.0 (включая) до 2022.2.8552 (исключая)

cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*

Версия от 2022.3.348 (включая) до 2022.3.10750 (исключая)

cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*

Версия от 2022.4.791 (включая) до 2022.4.8319 (исключая)

EPSS

Процентиль: 44%

0.00213

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-4gvq-c37w-77wr

CVSS3: 5.4

github

около 3 лет назад

In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07 however it was identified that the fix could be bypassed in certain circumstances. A different approach was taken to prevent the possibility of the support link being susceptible to XSS

EPSS

Процентиль: 44%

0.00213

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79