Vulnerabilities > Jetbrains > Teamcity > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-08-25 CVE-2023-41250 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration
network
low complexity
jetbrains CWE-79
6.1
6.1
2023-07-25 CVE-2023-39175 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible
network
low complexity
jetbrains CWE-79
6.1
6.1
2023-07-12 CVE-2023-38061 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible
network
low complexity
jetbrains CWE-79
5.4
5.4
2023-07-12 CVE-2023-38062 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations
network
low complexity
jetbrains
6.5
6.5
2023-07-12 CVE-2023-38063 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible
network
low complexity
jetbrains CWE-79
5.4
5.4
2023-07-12 CVE-2023-38064 Information Exposure Through Log Files vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log
network
low complexity
jetbrains CWE-532
6.5
6.5
2023-07-12 CVE-2023-38065 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible
network
low complexity
jetbrains CWE-79
5.4
5.4
2023-07-12 CVE-2023-38066 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads
network
low complexity
jetbrains CWE-79
6.1
6.1
2023-07-12 CVE-2023-38067 Information Exposure Through Log Files vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log
network
low complexity
jetbrains CWE-532
6.5
6.5
2023-06-29 CVE-2015-1313 Forced Browsing vulnerability in Jetbrains Teamcity
JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.
network
low complexity
jetbrains CWE-425
6.5
6.5