CVE-2023-41249
https://notcve.org/view.php?id=CVE-2023-41249
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step En TeamCity de JetBrains antes de 2023.05.3 era posible realizar un Cross-Site Scripting (XSS) Reflejado durante la copia de Build Step. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-41248
https://notcve.org/view.php?id=CVE-2023-41248
In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration En TeamCity de JetBrains antes de 2023.05.3 era posible realizar un Cross-Site Scripting (XSS) Almacenado durante la configuración de Cloud Profiles. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-39175
https://notcve.org/view.php?id=CVE-2023-39175
In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-39174
https://notcve.org/view.php?id=CVE-2023-39174
In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-1333: Inefficient Regular Expression Complexity •
CVE-2023-39173
https://notcve.org/view.php?id=CVE-2023-39173
In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-266: Incorrect Privilege Assignment •