432 results (0.001 seconds)

CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0

In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •