4 matches found
CVE-2024-49579
In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...
JetBrains YouTrack < 2024.3.47197 Arbitrary Code Execution
The version of JetBrains YouTrack installed on the remote host is prior to 2024.3.47197. It is, therefore, affected by a vulnerability as referenced in the 2024347197 advisory. - Insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests JT-85294 Note that Nessus...
CVE-2024-49579
In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...
CVE-2024-49579
JetBrains YouTrack prior to 2024.3.47197 is affected by CVE-2024-49579 due to insufficient validation of the iframe plugin communication channel, allowing arbitrary JavaScript execution and unauthorized API requests. The issue stems from the iframe plugin; attacker-controlled payloads could be ex...