Medium severity5.4NVD Advisory· Published Nov 13, 2017· Updated Jun 17, 2026
CVE-2017-16801
CVE-2017-16801
Description
Cross-site scripting (XSS) vulnerability in Octopus Deploy 3.7.0-3.17.13 (fixed in 3.17.14) allows remote authenticated users to inject arbitrary web script or HTML via the Step Template Name parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:octopus:octopus_deploy:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:octopus:octopus_deploy:*:*:*:*:*:*:*:*range: >=3.7.0,<=3.17.3
- (no CPE)range: 3.7.0-3.17.13
Patches
Vulnerability mechanics
References
1- github.com/OctopusDeploy/Issues/issues/3915nvdThird Party Advisory
News mentions
0No linked articles in our index yet.