In JetBrains TeamCity prior to 2022.04 potential XSS via Referrer header was possible
jetbrains teamcity