In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions.
4.3 CVSS
4.6 AI Score
0.001 EPSS
JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page.
5.4 CVSS
5.1 AI Score
0.001 EPSS
JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon.
5.4 CVSS
5.1 AI Score
0.001 EPSS
JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
9.8 CVSS
9.4 AI Score
0.002 EPSS