In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests
In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page
In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible
In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab
In JetBrains YouTrack before 2025.2.86935,
2025.2.87167,
2025.3.87341,
2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin
In JetBrains TeamCity before 2026.1,
2025.11.5 reflected XSS was possible on the repository download page
In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page
In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings
In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab
In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup
In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page
In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page
In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests
In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page
In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible