Youtrack Security Vulnerabilities
5.4CVSS
5.4AI Score
0.001EPSS
In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions.
4.3CVSS
4.6AI Score
0.001EPSS
JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page.
5.4CVSS
5.1AI Score
0.001EPSS
JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon.
5.4CVSS
5.1AI Score
0.001EPSS
JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
9.8CVSS
9.4AI Score
0.002EPSS
In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered
5.7CVSS
5.6AI Score
0.001EPSS
In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description
5.4CVSS
5.4AI Score
0.001EPSS
In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI
7.3CVSS
5.4AI Score
0.001EPSS
In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms
7.5CVSS
7.5AI Score
0.001EPSS
In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible
5.4CVSS
5.2AI Score
0.0005EPSS
In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms
7.3CVSS
7.2AI Score
0.001EPSS
In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed
4.3CVSS
4.8AI Score
0.0004EPSS
5.4CVSS
5.2AI Score
0.0004EPSS