Medium severity5.4NVD Advisory· Published Jan 31, 2023· Updated Jun 17, 2026
CVE-2022-4898
CVE-2022-4898
Description
In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07 however it was identified that the fix could be bypassed in certain circumstances. A different approach was taken to prevent the possibility of the support link being susceptible to XSS
Affected products
2Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.