Page 7 of 84 results (0.016 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon. JetBrains YouTrack versiones anteriores a 2021.4.36872 era vulnerable a un ataque de tipo XSS almacenado por medio de un icono de proyecto. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page. En JetBrains YouTrack versiones anteriores a 2021.4.31698 era vulnerable a un ataque de tipo XSS almacenado en la página de plantillas de notificaciones. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions. En JetBrains YouTrack versiones anteriores a 2021.4.31698, un usuario con permisos de sólo lectura podía establecer un logotipo personalizado. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021 • CWE-276: Incorrect Default Permissions •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

In JetBrains YouTrack before 2021.3.21051, stored XSS is possible. En JetBrains YouTrack versiones anteriores a 2021.3.21051, un ataque de tipo XSS almacenado es posible • https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection. JetBrains YouTrack versiones anteriores a 2021.3.23639, es vulnerable a una inyección de encabezados de Host • https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •