CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50580
https://notcve.org/view.php?id=CVE-2024-50580
28 Oct 2024 — In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50579
https://notcve.org/view.php?id=CVE-2024-50579
28 Oct 2024 — In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50578
https://notcve.org/view.php?id=CVE-2024-50578
28 Oct 2024 — In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50577
https://notcve.org/view.php?id=CVE-2024-50577
28 Oct 2024 — In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50576
https://notcve.org/view.php?id=CVE-2024-50576
28 Oct 2024 — In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50575
https://notcve.org/view.php?id=CVE-2024-50575
28 Oct 2024 — In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50574
https://notcve.org/view.php?id=CVE-2024-50574
28 Oct 2024 — In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49579
https://notcve.org/view.php?id=CVE-2024-49579
17 Oct 2024 — In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-940: Improper Verification of Source of a Communication Channel •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48902
https://notcve.org/view.php?id=CVE-2024-48902
10 Oct 2024 — In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47162
https://notcve.org/view.php?id=CVE-2024-47162
19 Sep 2024 — In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-522: Insufficiently Protected Credentials •