Vulnerabilities > Jetbrains > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-04-22 CVE-2020-11416 Cross-site Scripting vulnerability in Jetbrains Space
JetBrains Space through 2020-04-22 allows stored XSS in Chats.
network
low complexity
jetbrains CWE-79
5.4
2020-01-30 CVE-2020-7913 Cross-site Scripting vulnerability in Jetbrains Youtrack
JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description.
network
low complexity
jetbrains CWE-79
6.1
2020-01-30 CVE-2020-7912 Exposure of Resource to Wrong Sphere vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups.
network
low complexity
jetbrains CWE-668
5.3
2020-01-30 CVE-2020-7911 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.
network
low complexity
jetbrains CWE-79
6.1
2020-01-30 CVE-2020-7910 Cross-site Scripting vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.
network
low complexity
jetbrains CWE-79
5.4
2020-01-30 CVE-2020-7908 Improper Privilege Management vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.
network
low complexity
jetbrains CWE-269
4.3
2019-12-26 CVE-2019-19389 Injection vulnerability in Jetbrains Ktor
JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.
network
low complexity
jetbrains CWE-74
5.4
2019-12-10 CVE-2019-19703 Open Redirect vulnerability in Jetbrains Ktor
In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.
network
low complexity
jetbrains CWE-601
6.1
2019-10-31 CVE-2019-18369 Incorrect Default Permissions vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.
network
low complexity
jetbrains CWE-276
5.3
2019-10-31 CVE-2019-18367 Incorrect Default Permissions vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.
network
low complexity
jetbrains CWE-276
5.3