In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions
In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest
In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible
In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule
In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page
In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API
In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible
In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible
In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project
In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication
In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings
In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs
In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag
In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox
In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements
In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible
In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning