CVE-2023-38063

In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible

CVE-2023-34220

In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible

CVE-2023-34221

In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible

CVE-2023-38066

In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads

CVE-2023-41249

In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step

CVE-2023-38062

In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations

CVE-2025-47854

In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page

CVE-2024-43114

In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions

CVE-2025-47852

In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible

CVE-2025-47851

In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible

CVE-2025-47853

In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible

CVE-2025-52875

In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible

CVE-2025-52877

In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible

CVE-2025-52879

In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible

CVE-2025-52876

In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible

CVE-2025-52878

In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions