CVE-2024-50577
https://notcve.org/view.php?id=CVE-2024-50577
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-50576
https://notcve.org/view.php?id=CVE-2024-50576
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-50575
https://notcve.org/view.php?id=CVE-2024-50575
In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-50574
https://notcve.org/view.php?id=CVE-2024-50574
In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-1333: Inefficient Regular Expression Complexity •
CVE-2024-49579
https://notcve.org/view.php?id=CVE-2024-49579
In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-940: Improper Verification of Source of a Communication Channel •