In affected versions of Octopus Server error messages were handled unsafely on the error page. If an adversary could control any part of the error message they could embed code which may impact the user viewing the error message.
References
Link | Resource |
---|---|
https://advisories.octopus.com/post/2024/sa2025-04/ | Broken Link |
Configurations
Configuration 1 (hide)
AND |
|
History
02 Jul 2025, 17:24
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
|
First Time |
Microsoft
Octopus octopus Server Linux Microsoft windows Linux linux Kernel Octopus |
|
References | () https://advisories.octopus.com/post/2024/sa2025-04/ - Broken Link | |
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
11 Feb 2025, 15:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 |
11 Feb 2025, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-02-11 11:15
Updated : 2025-07-02 17:24
NVD link : CVE-2025-0513
Mitre link : CVE-2025-0513
CVE.ORG link : CVE-2025-0513
JSON object : View
Products Affected
microsoft
- windows
octopus
- octopus_server
linux
- linux_kernel
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')