CVE-2025-0513
1.8
CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Summary
In affected versions of Octopus Server error messages were handled unsafely on the error page. If an adversary could control any part of the error message they could embed code which may impact the user viewing the error message.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Octopus Deploy | Octopus Server | 2024.3.164 < 2024.3.12985 | affected |
| Octopus Deploy | Octopus Server | 2024.4.401 < 2024.4.6962 | affected |
Weaknesses
- XSS in Octopus Deploy error page
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.