In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements
In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule
In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration
In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible
In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files
In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin
In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page
In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion
Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.
In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API
In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page
In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions.