Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
youtrack vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-16171
In JetBrains YouTrack up to and including 2019.2.56594, stored XSS was found on the issue page.
Jetbrains Youtrack
NA
CVE-2024-22370
In JetBrains YouTrack prior to 2023.3.22666 stored XSS via markdown was possible
Jetbrains Youtrack
5
CVSSv2
CVE-2020-25208
In JetBrains YouTrack prior to 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.
Jetbrains Youtrack
5
CVSSv2
CVE-2020-25209
In JetBrains YouTrack prior to 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API.
Jetbrains Youtrack
5
CVSSv2
CVE-2020-25210
In JetBrains YouTrack prior to 2020.3.7955, an attacker could access workflow rules without appropriate access grants.
Jetbrains Youtrack
6.5
CVSSv2
CVE-2020-15817
In JetBrains YouTrack prior to 2020.1.1331, an external user could execute commands against arbitrary issues.
Jetbrains Youtrack
5
CVSSv2
CVE-2020-27624
JetBrains YouTrack prior to 2020.3.888 was vulnerable to SSRF.
Jetbrains Youtrack
3.5
CVSSv2
CVE-2022-28648
In JetBrains YouTrack prior to 2022.1.43563 HTML code from the issue description was being rendered
Jetbrains Youtrack
3.5
CVSSv2
CVE-2022-28649
In JetBrains YouTrack prior to 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description
Jetbrains Youtrack
3.5
CVSSv2
CVE-2022-28650
In JetBrains YouTrack prior to 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI
Jetbrains Youtrack
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »