OpenCVE

Filtered by vendor Jetbrains Subscriptions

Filtered by product Youtrack Subscriptions

Total 80 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2021-31905	1 Jetbrains	1 Youtrack	2024-08-03	7.5 High
In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible.
CVE-2021-27733	1 Jetbrains	1 Youtrack	2024-08-03	5.4 Medium
In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment.
CVE-2021-25768	1 Jetbrains	1 Youtrack	2024-08-03	5.3 Medium
In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly.
CVE-2021-25769	1 Jetbrains	1 Youtrack	2024-08-03	7.5 High
In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments.
CVE-2021-25765	1 Jetbrains	1 Youtrack	2024-08-03	8.8 High
In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible.
CVE-2021-25770	1 Jetbrains	1 Youtrack	2024-08-03	9.8 Critical
In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.
CVE-2021-25766	1 Jetbrains	1 Youtrack	2024-08-03	5.3 Medium
In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made.
CVE-2021-25771	1 Jetbrains	1 Youtrack	2024-08-03	4.3 Medium
In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed.
CVE-2021-25767	1 Jetbrains	1 Youtrack	2024-08-03	5.3 Medium
In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution.
CVE-2022-28649	1 Jetbrains	1 Youtrack	2024-08-03	4.6 Medium
In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description
CVE-2022-28648	1 Jetbrains	1 Youtrack	2024-08-03	5.7 Medium
In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered
CVE-2022-28650	1 Jetbrains	1 Youtrack	2024-08-03	7.3 High
In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI
CVE-2022-24442	1 Jetbrains	1 Youtrack	2024-08-03	9.8 Critical
JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
CVE-2022-24347	1 Jetbrains	1 Youtrack	2024-08-03	5.4 Medium
JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon.
CVE-2022-24344	1 Jetbrains	1 Youtrack	2024-08-03	5.4 Medium
JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page.
CVE-2022-24343	1 Jetbrains	1 Youtrack	2024-08-03	4.3 Medium
In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions.
CVE-2023-50871	1 Jetbrains	1 Youtrack	2024-08-02	4.3 Medium
In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed
CVE-2023-35053	1 Jetbrains	1 Youtrack	2024-08-02	7.5 High
In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms
CVE-2023-35054	1 Jetbrains	1 Youtrack	2024-08-02	4.6 Medium
In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible
CVE-2024-22370	1 Jetbrains	1 Youtrack	2024-08-01	4.6 Medium
In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible

« first previous Page 4 of 4.