Vulnerabilities > JetBrains > YouTrack > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | ATTACK COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-10-28 | CVE-2024-50575 | Cross-site Scripting vulnerability in JetBrains YouTrack | In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API | network | low complexity | jetbrains | CWE-79 | 6.1 |
| 2024-10-28 | CVE-2024-50576 | Cross-site Scripting vulnerability in JetBrains YouTrack | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest | network | low complexity | jetbrains | CWE-79 | 5.4 |
| 2024-10-28 | CVE-2024-50577 | Cross-site Scripting vulnerability in JetBrains YouTrack | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings | network | low complexity | jetbrains | CWE-79 | 5.4 |
| 2024-10-28 | CVE-2024-50578 | Cross-site Scripting vulnerability in JetBrains YouTrack | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page | network | low complexity | jetbrains | CWE-79 | 5.4 |
| 2024-10-28 | CVE-2024-50579 | Cross-site Scripting vulnerability in JetBrains YouTrack | In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible | network | low complexity | jetbrains | CWE-79 | 6.1 |
| 2024-10-28 | CVE-2024-50580 | Cross-site Scripting vulnerability in JetBrains YouTrack | In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule | network | low complexity | jetbrains | CWE-79 | 5.4 |
| 2024-10-28 | CVE-2024-50581 | Cross-site Scripting vulnerability in JetBrains YouTrack | In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag | network | low complexity | jetbrains | CWE-79 | 5.4 |
| 2024-10-28 | CVE-2024-50582 | Cross-site Scripting vulnerability in JetBrains YouTrack | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements | network | low complexity | jetbrains | CWE-79 | 5.4 |
| 2024-10-17 | CVE-2024-49579 | Unspecified vulnerability in JetBrains YouTrack | In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests | network | low complexity | jetbrains | | 6.1 |
| 2024-10-10 | CVE-2024-48902 | Missing Authorization vulnerability in JetBrains YouTrack | In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API | network | low complexity | jetbrains | CWE-862 | 5.4 |