CVE-2022-24347
https://notcve.org/view.php?id=CVE-2022-24347
JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon. JetBrains YouTrack versiones anteriores a 2021.4.36872 era vulnerable a un ataque de tipo XSS almacenado por medio de un icono de proyecto. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-24344
https://notcve.org/view.php?id=CVE-2022-24344
JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page. En JetBrains YouTrack versiones anteriores a 2021.4.31698 era vulnerable a un ataque de tipo XSS almacenado en la página de plantillas de notificaciones. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-24343
https://notcve.org/view.php?id=CVE-2022-24343
In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions. En JetBrains YouTrack versiones anteriores a 2021.4.31698, un usuario con permisos de sólo lectura podía establecer un logotipo personalizado. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 • CWE-276: Incorrect Default Permissions •
CVE-2021-43184
https://notcve.org/view.php?id=CVE-2021-43184
In JetBrains YouTrack before 2021.3.21051, stored XSS is possible. En JetBrains YouTrack versiones anteriores a 2021.3.21051, un ataque de tipo XSS almacenado es posible • https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-43185
https://notcve.org/view.php?id=CVE-2021-43185
JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection. JetBrains YouTrack versiones anteriores a 2021.3.23639, es vulnerable a una inyección de encabezados de Host • https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •