
CVE-2024-54153
https://notcve.org/view.php?id=CVE-2024-54153
04 Dec 2024 — In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-862: Missing Authorization •

CVE-2024-52555
https://notcve.org/view.php?id=CVE-2024-52555
15 Nov 2024 — In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data •

CVE-2024-50582
https://notcve.org/view.php?id=CVE-2024-50582
28 Oct 2024 — In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-50581
https://notcve.org/view.php?id=CVE-2024-50581
28 Oct 2024 — In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-50580
https://notcve.org/view.php?id=CVE-2024-50580
28 Oct 2024 — In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-50579
https://notcve.org/view.php?id=CVE-2024-50579
28 Oct 2024 — In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-50578
https://notcve.org/view.php?id=CVE-2024-50578
28 Oct 2024 — In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-50577
https://notcve.org/view.php?id=CVE-2024-50577
28 Oct 2024 — In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-50576
https://notcve.org/view.php?id=CVE-2024-50576
28 Oct 2024 — In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-50575
https://notcve.org/view.php?id=CVE-2024-50575
28 Oct 2024 — In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •