1125 matches found
Cross site request forgery (csrf)
JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page...
Cross site scripting
In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page...
Design/Logic Flaw
JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names...
CVE-2019-14956
JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names...
CVE-2019-14956
JetBrains YouTrack before 2019.2.53938 is affected by CVE-2019-14956, where incorrect settings allowed a user without sufficient permissions to obtain names of other projects. Red Hat and CVE trackers confirm the issue and the YouTrack entry on the JetBrains Q2 2019 security bulletin links the CV...
CVE-2019-15040
JetBrains YouTrack is affected by a Cross-Site Request Forgery (CSRF) vulnerability on the settings page in versions prior to 2019.1. The issue is described consistently across multiple connected sources (Red Hat, CNVD, CNVD, NVD mirror entries) as a CSRF in YouTrack before 2019.1. The CVE entry ...
CVE-2019-15040
JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page...
CVE-2019-16171
CVE-2019-16171 affects JetBrains YouTrack (through 2019.2.56594). Multiple connected sources confirm a Stored XSS on the issue page . The vulnerability is described consistently across Red Hat, CNVD, CNVD-2019-41873, NVD, and related CVE lists. The reports do not provide specific product versions...
CVE-2019-16171
In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page...
CVE-2019-15041
JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere...
CVE-2019-15041
JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere...
Design/Logic Flaw
JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere...
CVE-2019-15041
JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere...
CVE-2019-15041
CVE-2019-15041 affects JetBrains YouTrack. YouTrack versions before 2019.1.52545 allow unbounded URL whitelisting due to Inclusion of Functionality from an Untrusted Control Sphere. Public sources (Red Hat, CNVD, CVE listings) confirm the issue and associate the fixed build with YouTrack 2019.1.5...
CVE-2019-14953
JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser...
CVE-2019-14953
JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser...
Cross site scripting
JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser...
CVE-2019-14953
JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser...
CVE-2019-14953
CVE-2019-14953 affects JetBrains YouTrack versions before 2019.2.53938. The issue is a stored XSS via issue attachments when using Firefox, attributed to insufficient validation of client data in the web application. Impact is client-side code execution in affected YouTrack deployments. The fix i...
CVE-2019-14952
JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles...