In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07 however it was identified that the fix could be bypassed in certain circumstances. A different approach was taken to prevent the possibility of the support link being susceptible to XSS
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Octopus

Published: 2023-01-31T00:00:00

Updated: 2024-08-03T01:55:45.702Z

Reserved: 2023-01-30T00:00:00

Link: CVE-2022-4898

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-01-31T04:15:07.647

Modified: 2024-11-21T07:36:12.210

Link: CVE-2022-4898

cve-icon Redhat

No data.