JetBrains YouTrack prior to 2021.4.36872 was vulnerable to stored XSS via a project icon.
jetbrains youtrack