CVE-2022-4898

Name of the Vulnerable Software and Affected Versions Octopus Server (affected versions not specified)

Description The issue concerns a Cross-Site Scripting (XSS) payload that can be included in the support link of the help sidebar in affected versions of Octopus Server. Initially, a fix was implemented, but it was later discovered that this fix could be bypassed under certain circumstances. As a result, an alternative approach was taken to prevent the support link from being susceptible to XSS.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.