Vulnerabilities > Jetbrains > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-04-28 CVE-2022-29811 Cross-site Scripting vulnerability in Jetbrains HUB
In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible.
network
low complexity
jetbrains CWE-79
4.8
2022-04-28 CVE-2022-29813 Code Injection vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible
local
low complexity
jetbrains CWE-94
6.7
2022-04-28 CVE-2022-29815 Code Injection vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible
local
low complexity
jetbrains CWE-94
6.7
2022-04-28 CVE-2022-29817 Cross-site Scripting vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible
network
low complexity
jetbrains CWE-79
6.1
2022-04-05 CVE-2022-28648 Cross-site Scripting vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered
network
low complexity
jetbrains CWE-79
5.4
2022-04-05 CVE-2022-28649 Improper Restriction of Rendered UI Layers or Frames vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description
network
low complexity
jetbrains CWE-1021
5.4
2022-04-05 CVE-2022-28650 Cross-site Scripting vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI
network
low complexity
jetbrains CWE-79
5.4
2022-04-05 CVE-2022-28651 Insufficiently Protected Credentials vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields
local
low complexity
jetbrains CWE-522
5.5
2022-02-25 CVE-2022-25259 Cross-site Scripting vulnerability in Jetbrains HUB
JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS.
network
low complexity
jetbrains CWE-79
6.1
2022-02-25 CVE-2022-25261 Cross-site Scripting vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.
network
low complexity
jetbrains CWE-79
6.1