In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible
In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.
In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible
In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible
In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page
In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible
In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab
In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible
In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible
In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible
In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab
In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS
In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page
In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page
In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab
In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page
In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page
In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest
In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API
In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings
In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings
In JetBrains IntelliJ IDEA before 2024.1 HTML injection via the project name was possible
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin
In JetBrains TeamCity before 2024.07.1 multiple stored XSS were possible on Clouds page
In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin
In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup
In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute
In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page
In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page
In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several stored XSS in code inspection reports were possible
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible
In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible
In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible.
In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible
In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible
In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI
In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered
In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page
In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible