7 matches found
CVE-2019-12851
A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852.
CVE-2024-49579
In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests
CVE-2024-38506
In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows
CVE-2020-15817
In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues.
CVE-2021-25765
In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible.
CVE-2019-15040
JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page.
CVE-2025-57731
In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content