CVE-2024-52555
https://notcve.org/view.php?id=CVE-2024-52555
In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data •
CVE-2024-50582
https://notcve.org/view.php?id=CVE-2024-50582
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-50581
https://notcve.org/view.php?id=CVE-2024-50581
In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-50580
https://notcve.org/view.php?id=CVE-2024-50580
In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-50579
https://notcve.org/view.php?id=CVE-2024-50579
In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •