In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible
In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible
In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page
In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page
In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab
In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin
In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS
In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible
In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure
In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack
In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings
In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration
In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters
In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible