ByteOS Network

Vulnerability Details :

CVE-2024-36372

Summary

Assigner-JetBrains

Assigner Org ID-547ada31-17d8-4964-bc5f-1b8238ba8014

Published At-29 May, 2024 | 13:29

Updated At-02 Aug, 2024 | 03:37

In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:JetBrains

Assigner Org ID:547ada31-17d8-4964-bc5f-1b8238ba8014

Published At:29 May, 2024 | 13:29

Updated At:02 Aug, 2024 | 03:37

▼CVE Numbering Authority (CNA)

In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible

Affected Products

Vendor

JetBrains s.r.o.

Product

TeamCity

Default Status

unaffected

Versions

Affected

From 0 before 2023.05.6 (semver)

Problem Types

Type	CWE ID	Description
N/A	N/A	CWE-79

Type: N/A

CWE ID: N/A

Description: CWE-79

Metrics

Version	Base score	Base severity	Vector
3.1	4.6	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Version: 3.1

Base score: 4.6

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

References

Hyperlink	Resource
https://www.jetbrains.com/privacy-security/issues-fixed/	N/A

Hyperlink: https://www.jetbrains.com/privacy-security/issues-fixed/

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://www.jetbrains.com/privacy-security/issues-fixed/	x_transferred

Hyperlink: https://www.jetbrains.com/privacy-security/issues-fixed/

Resource:

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@jetbrains.com

Published At:29 May, 2024 | 14:15

Updated At:27 Jan, 2025 | 18:40

In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	4.6	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Primary	3.1	6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 4.6

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Type: Primary

Version: 3.1

Base score: 6.1

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CPE Matches

JetBrains s.r.o.

>>teamcity>>Versions before 2023.05.6(exclusive)

cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Secondary	cve@jetbrains.com
CWE-79	Primary	nvd@nist.gov

CWE ID: CWE-79

Type: Secondary

Source: cve@jetbrains.com

CWE ID: CWE-79

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://www.jetbrains.com/privacy-security/issues-fixed/	cve@jetbrains.com	Vendor Advisory
https://www.jetbrains.com/privacy-security/issues-fixed/	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory

Hyperlink: https://www.jetbrains.com/privacy-security/issues-fixed/

Source: cve@jetbrains.com

Resource:

Vendor Advisory

Hyperlink: https://www.jetbrains.com/privacy-security/issues-fixed/

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Vendor Advisory

Similar CVEs

10772Records found

CVE-2022-48426

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-4.6||MEDIUM

EPSS-1.06% / 60.07%

7 Day CHG~0.00%

Published-27 Mar, 2023 | 15:27

Updated-19 Feb, 2025 | 16:57

In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-48343

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-5.4||MEDIUM

EPSS-59.46% / 99.00%

7 Day CHG~0.00%

Published-23 Feb, 2023 | 15:44

Updated-11 Mar, 2025 | 18:13

In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-48427

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-4.6||MEDIUM

EPSS-1.00% / 58.18%

7 Day CHG~0.00%

Published-27 Mar, 2023 | 15:27

Updated-19 Feb, 2025 | 16:03

In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-15831

Matching Score-10

Assigner-MITRE Corporation

View Details

Matching Score-10

Assigner-MITRE Corporation

CVSS Score-6.1||MEDIUM

EPSS-0.65% / 46.25%

7 Day CHG~0.00%

Published-08 Aug, 2020 | 20:50

Updated-04 Aug, 2024 | 13:30

JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.

Vendor-n/a JetBrains s.r.o.

Product-teamcity n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-68268

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-5.4||MEDIUM

EPSS-0.17% / 6.43%

7 Day CHG~0.00%

Published-16 Dec, 2025 | 15:27

Updated-18 Dec, 2025 | 19:11

In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-68165

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-5.4||MEDIUM

EPSS-3.46% / 87.51%

7 Day CHG~0.00%

Published-16 Dec, 2025 | 15:27

Updated-18 Dec, 2025 | 19:20

In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-68166

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-5.4||MEDIUM

EPSS-0.16% / 5.75%

7 Day CHG~0.00%

Published-16 Dec, 2025 | 15:27

Updated-18 Dec, 2025 | 19:20

In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-67741

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-4.8||MEDIUM

EPSS-0.40% / 32.08%

7 Day CHG~0.00%

Published-11 Dec, 2025 | 15:19

Updated-15 Dec, 2025 | 20:06

In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2026-49375

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-6.1||MEDIUM

EPSS-0.21% / 11.68%

7 Day CHG~0.00%

Published-29 May, 2026 | 18:15

Updated-02 Jun, 2026 | 13:11

In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-29929

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-3.7||LOW

EPSS-0.43% / 34.41%

7 Day CHG~0.00%

Published-12 May, 2022 | 08:35

Updated-03 Aug, 2024 | 06:33

In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-29817

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-3.9||LOW

EPSS-0.37% / 28.36%

7 Day CHG+0.01%

Published-28 Apr, 2022 | 09:55

Updated-03 Aug, 2024 | 06:33

In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible

Vendor-JetBrains s.r.o.

Product-intellij_idea IntelliJ IDEA

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-25261

Matching Score-10

Assigner-MITRE Corporation

View Details

Matching Score-10

Assigner-MITRE Corporation

CVSS Score-6.1||MEDIUM

EPSS-0.55% / 41.48%

7 Day CHG~0.00%

Published-25 Feb, 2022 | 19:59

Updated-03 Aug, 2024 | 04:36

JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.

Vendor-n/a JetBrains s.r.o.

Product-teamcity n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-25259

Matching Score-10

Assigner-MITRE Corporation

View Details

Matching Score-10

Assigner-MITRE Corporation

CVSS Score-6.1||MEDIUM

EPSS-0.55% / 41.48%

7 Day CHG~0.00%

Published-25 Feb, 2022 | 20:01

Updated-03 Aug, 2024 | 04:36

JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS.

Vendor-n/a JetBrains s.r.o.

Product-hub n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-14952

Matching Score-10

Assigner-MITRE Corporation

View Details

Matching Score-10

Assigner-MITRE Corporation

CVSS Score-6.1||MEDIUM

EPSS-1.05% / 59.89%

7 Day CHG~0.00%

Published-01 Oct, 2019 | 13:24

Updated-05 Aug, 2024 | 00:34

JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles.

Vendor-n/a JetBrains s.r.o.

Product-youtrack n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41248

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-4.6||MEDIUM

EPSS-0.31% / 22.85%

7 Day CHG~0.00%

Published-25 Aug, 2023 | 12:58

Updated-27 Sep, 2024 | 21:56

In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41249

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-4.6||MEDIUM

EPSS-53.13% / 98.84%

7 Day CHG~0.00%

Published-25 Aug, 2023 | 12:58

Updated-27 Sep, 2024 | 21:56

In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-50578

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-4.6||MEDIUM

EPSS-0.29% / 20.73%

7 Day CHG~0.00%

Published-28 Oct, 2024 | 12:55

Updated-29 Oct, 2024 | 17:17

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page

Vendor-JetBrains s.r.o.

Product-youtrack YouTrack

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-43181

Matching Score-10

Assigner-MITRE Corporation

View Details

Matching Score-10

Assigner-MITRE Corporation

CVSS Score-6.1||MEDIUM

EPSS-0.56% / 42.35%

7 Day CHG~0.00%

Published-09 Nov, 2021 | 15:06

Updated-04 Aug, 2024 | 03:47

In JetBrains Hub before 2021.1.13690, stored XSS is possible.

Vendor-n/a JetBrains s.r.o.

Product-hub n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-46970

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-3.3||LOW

EPSS-0.38% / 29.74%

7 Day CHG~0.00%

Published-16 Sep, 2024 | 10:32

Updated-20 Sep, 2024 | 13:23

In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible

Vendor-JetBrains s.r.o.

Product-intellij_idea IntelliJ IDEA

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-38065

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-4.6||MEDIUM

EPSS-0.90% / 55.01%

7 Day CHG~0.00%

Published-12 Jul, 2023 | 12:48

Updated-22 Oct, 2024 | 18:40

In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-38063

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-4.6||MEDIUM

EPSS-0.90% / 55.01%

7 Day CHG~0.00%

Published-12 Jul, 2023 | 12:48

Updated-23 Oct, 2024 | 14:37

In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-43809

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-3.5||LOW

EPSS-0.34% / 25.96%

7 Day CHG~0.00%

Published-16 Aug, 2024 | 14:51

Updated-19 Aug, 2024 | 21:11

In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-38061

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-4.6||MEDIUM

EPSS-0.90% / 55.01%

7 Day CHG~0.00%

Published-12 Jul, 2023 | 12:48

Updated-23 Oct, 2024 | 14:40

In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-38066

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-4.6||MEDIUM

EPSS-0.91% / 55.33%

7 Day CHG~0.00%

Published-12 Jul, 2023 | 12:48

Updated-21 Oct, 2024 | 21:10

In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-37542

Matching Score-10

Assigner-MITRE Corporation

View Details

Matching Score-10

Assigner-MITRE Corporation

CVSS Score-6.1||MEDIUM

EPSS-0.61% / 44.73%

7 Day CHG~0.00%

Published-06 Aug, 2021 | 13:22

Updated-04 Aug, 2024 | 01:23

In JetBrains TeamCity before 2020.2.3, XSS was possible.

Vendor-n/a JetBrains s.r.o.

Product-teamcity n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2026-49384

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-6.1||MEDIUM

EPSS-0.18% / 7.78%

7 Day CHG~0.00%

Published-29 May, 2026 | 18:15

Updated-01 Jun, 2026 | 12:44

In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible

Vendor-JetBrains s.r.o.

Product-pycharm PyCharm

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-31911

Matching Score-10

Assigner-MITRE Corporation

View Details

Matching Score-10

Assigner-MITRE Corporation

CVSS Score-6.1||MEDIUM

EPSS-0.75% / 50.06%

7 Day CHG~0.00%

Published-11 May, 2021 | 12:04

Updated-03 Aug, 2024 | 23:10

In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages.

Vendor-n/a JetBrains s.r.o.

Product-teamcity n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-31904

Matching Score-10

Assigner-MITRE Corporation

View Details

Matching Score-10

Assigner-MITRE Corporation

CVSS Score-6.1||MEDIUM

EPSS-0.75% / 50.06%

7 Day CHG~0.00%

Published-11 May, 2021 | 11:46

Updated-03 Aug, 2024 | 23:10

In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page.

Vendor-n/a JetBrains s.r.o.

Product-teamcity n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-36370

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-4.6||MEDIUM

EPSS-0.27% / 18.08%

7 Day CHG~0.00%

Published-29 May, 2024 | 13:29

Updated-16 Dec, 2024 | 15:42

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity teamcity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-31903

Matching Score-10

Assigner-MITRE Corporation

View Details

Matching Score-10

Assigner-MITRE Corporation

CVSS Score-6.1||MEDIUM

EPSS-0.78% / 51.12%

7 Day CHG~0.00%

Published-11 May, 2021 | 11:37

Updated-03 Aug, 2024 | 23:10

In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS.

Vendor-n/a JetBrains s.r.o.

Product-youtrack n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-22370

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-4.6||MEDIUM

EPSS-0.41% / 32.38%

7 Day CHG~0.00%

Published-09 Jan, 2024 | 09:48

Updated-17 Jun, 2025 | 20:59

In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible

Vendor-JetBrains s.r.o.

Product-youtrack YouTrack

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-25773

Matching Score-10

Assigner-MITRE Corporation

View Details

Matching Score-10

Assigner-MITRE Corporation

CVSS Score-6.1||MEDIUM

EPSS-0.64% / 45.91%

7 Day CHG~0.00%

Published-03 Feb, 2021 | 15:32

Updated-03 Aug, 2024 | 20:11

JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages.

Vendor-n/a JetBrains s.r.o.

Product-teamcity n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-43197

Matching Score-10

Assigner-MITRE Corporation

View Details

Matching Score-10

Assigner-MITRE Corporation

CVSS Score-6.1||MEDIUM

EPSS-0.56% / 42.35%

7 Day CHG~0.00%

Published-09 Nov, 2021 | 14:47

Updated-04 Aug, 2024 | 03:47

In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.

Vendor-n/a JetBrains s.r.o.

Product-teamcity n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-7911

Matching Score-10

Assigner-MITRE Corporation

View Details

Matching Score-10

Assigner-MITRE Corporation

CVSS Score-6.1||MEDIUM

EPSS-0.65% / 46.25%

7 Day CHG~0.00%

Published-30 Jan, 2020 | 17:14

Updated-04 Aug, 2024 | 09:48

In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.

Vendor-n/a JetBrains s.r.o.

Product-teamcity n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-35054

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-4.6||MEDIUM

EPSS-0.97% / 57.37%

7 Day CHG~0.00%

Published-12 Jun, 2023 | 15:46

Updated-03 Jan, 2025 | 21:14

In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible

Vendor-JetBrains s.r.o.

Product-youtrack YouTrack

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34220

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-4.6||MEDIUM

EPSS-61.17% / 99.04%

7 Day CHG~0.00%

Published-31 May, 2023 | 13:03

Updated-09 Jan, 2025 | 20:03

In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34226

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-4.6||MEDIUM

EPSS-1.04% / 59.58%

7 Day CHG~0.00%

Published-31 May, 2023 | 13:03

Updated-09 Jan, 2025 | 20:30

In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34222

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-4.6||MEDIUM

EPSS-1.04% / 59.58%

7 Day CHG~0.00%

Published-31 May, 2023 | 13:03

Updated-09 Jan, 2025 | 20:32

In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34221

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-4.6||MEDIUM

EPSS-1.04% / 59.56%

7 Day CHG~0.00%

Published-31 May, 2023 | 13:03

Updated-09 Jan, 2025 | 20:33

In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34229

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-4.6||MEDIUM

EPSS-1.04% / 59.56%

7 Day CHG~0.00%

Published-31 May, 2023 | 13:03

Updated-09 Jan, 2025 | 20:29

In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-26493

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-4.6||MEDIUM

EPSS-0.35% / 26.64%

7 Day CHG~0.00%

Published-11 Feb, 2025 | 13:56

Updated-11 Feb, 2025 | 14:20

In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab

Vendor-JetBrains s.r.o.

Product-TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-24459

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-4.6||MEDIUM

EPSS-2.73% / 84.19%

7 Day CHG+0.11%

Published-21 Jan, 2025 | 17:23

Updated-30 Jan, 2025 | 21:22

In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-50580

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-4.6||MEDIUM

EPSS-0.29% / 20.73%

7 Day CHG~0.00%

Published-28 Oct, 2024 | 12:55

Updated-29 Oct, 2024 | 17:17

In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule

Vendor-JetBrains s.r.o.

Product-youtrack YouTrack

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-36373

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-4.6||MEDIUM

EPSS-0.27% / 18.08%

7 Day CHG~0.00%

Published-29 May, 2024 | 13:29

Updated-27 Jan, 2025 | 18:41

In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-36363

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-4.6||MEDIUM

EPSS-0.27% / 18.08%

7 Day CHG~0.00%

Published-29 May, 2024 | 13:28

Updated-16 Dec, 2024 | 15:41

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code inspection reports were possible

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-35300

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-3.5||LOW

EPSS-0.29% / 20.80%

7 Day CHG~0.00%

Published-16 May, 2024 | 10:31

Updated-16 Dec, 2024 | 15:48

In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity teamcity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-31140

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-4.6||MEDIUM

EPSS-16.85% / 96.65%

7 Day CHG~0.00%

Published-27 Mar, 2025 | 11:24

Updated-27 Mar, 2025 | 16:45

In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page

Vendor-JetBrains s.r.o.

Product-TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41250

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-3.5||LOW

EPSS-0.32% / 23.56%

7 Day CHG~0.00%

Published-25 Aug, 2023 | 12:58

Updated-27 Sep, 2024 | 21:56

In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-39175

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-4.6||MEDIUM

EPSS-0.91% / 55.33%

7 Day CHG~0.00%

Published-25 Jul, 2023 | 14:45

Updated-15 Oct, 2024 | 18:51

In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-34225

Matching Score-10

Assigner-JetBrains s.r.o.

View Details

Matching Score-10

Assigner-JetBrains s.r.o.

CVSS Score-4.6||MEDIUM

EPSS-60.72% / 99.03%

7 Day CHG~0.00%

Published-31 May, 2023 | 13:03

Updated-09 Jan, 2025 | 20:31

In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible

Vendor-JetBrains s.r.o.

Product-teamcity TeamCity

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-36372

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs