CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47159
https://notcve.org/view.php?id=CVE-2024-47159
In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-863: Incorrect Authorization •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46970
https://notcve.org/view.php?id=CVE-2024-46970
In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible En JetBrains IntelliJ IDEA antes de 2024.1 era posible la inyección de HTML a través del nombre del proyecto • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43810
https://notcve.org/view.php?id=CVE-2024-43810
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43809
https://notcve.org/view.php?id=CVE-2024-43809
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43808
https://notcve.org/view.php?id=CVE-2024-43808
In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •