8 matches found
CVE-2025-15560
An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used, the attacker can...
CVE-2024-50575
In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API...
JetBrains YouTrack < 2024.3.47707 Multiple Vulnerabilities
The version of JetBrains YouTrack installed on the remote host is prior to 2024.3.47707. It is, therefore, affected by multiple vulnerabilities as referenced in the vendor advisory.
- Potential ReDoS exploit was possible via email header parsing in Helpdesk functionality (CVE-2024-50574)
- Reflecte...
CVE-2024-50575
In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API...
CVE-2024-50575
CVE-2024-50575 affects JetBrains YouTrack prior to version 2024.3.47707, where reflected XSS was possible via the Widget API. The vulnerability is documented across multiple feeds (NVD, Red Hat advisory, CNVD, CNVD, and Nessus plugin) as a cross-site scripting issue in the Widget API in YouTrack’...
EUVD-2024-44956
In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API...
CVE-2024-50575
In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API...
CVE-2024-50575
In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API...