In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible
In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible
In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page
In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab
In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page
JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.
JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible
In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible
JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.
JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step
In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page.
In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration
JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles.
JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser.
In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible
In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible
In JetBrains Hub before 2021.1.13690, stored XSS is possible.
In JetBrains TeamCity before 2020.2.3, XSS was possible.
In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible
In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS
In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page
In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest
In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule
In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag
In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings
In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible
In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages.
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page
In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page
In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS.
In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page.
In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab
In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.
In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code inspection reports were possible
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS via OAuth provider configuration was possible
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker integration was possible
In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party reports was possible
In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering operations
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible
In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible
In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings