CVE-2025-0513
MEDIUMOctopus Server 2024.3.164-2024.3.12985 - Cross-Site Scripting in Error Page
Title source: llmDescription
In affected versions of Octopus Server error messages were handled unsafely on the error page. If an adversary could control any part of the error message they could embed code which may impact the user viewing the error message.
References (1)
Core 1
Core References
Scores
CVSS v3
5.4
EPSS
0.0023
EPSS Percentile
14.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
octopus/octopus_server
2024.3.164 - 2024.3.12985
Published
Feb 11, 2025
Tracked Since
Feb 18, 2026