In JetBrains YouTrack before 2021.3.21051, stored XSS is possible.
In JetBrains TeamCity before 2021.1.2, stored XSS is possible.
In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page
In JetBrains YouTrack before 2021.2.17925, stored XSS was possible.
In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible.
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.
JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS.
In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page
In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible
In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible
In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible
In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible
In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible
In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered
In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI
JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon.
JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page.
JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.
JetBrains Space through 2020-04-22 allows stored XSS in Chats.
In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages.
In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment.
JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.
In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description
In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible
In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS
In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API
In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page
In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings
In JetBrains Hub before 2021.1.13690, stored XSS is possible.
In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin
In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page
In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings
In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible
In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering operations
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code inspection reports were possible
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS via OAuth provider configuration was possible
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker integration was possible
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party reports was possible
In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible
In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible
In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages.
In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page.
In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible
In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings
In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.