Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Youtrack
(Jetbrains)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 83 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-10-28 | CVE-2024-50578 | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page | Youtrack | 5.4 | ||
| 2024-10-28 | CVE-2024-50579 | In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible | Youtrack | 6.1 | ||
| 2024-10-28 | CVE-2024-50580 | In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule | Youtrack | 5.4 | ||
| 2024-10-28 | CVE-2024-50581 | In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag | Youtrack | 5.4 | ||
| 2024-10-28 | CVE-2024-50582 | In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements | Youtrack | 5.4 | ||
| 2024-10-10 | CVE-2024-48902 | In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API | Youtrack | 5.4 | ||
| 2024-09-19 | CVE-2024-47160 | In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible | Youtrack | 5.3 | ||
| 2024-09-19 | CVE-2024-47159 | In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project | Youtrack | 4.3 | ||
| 2024-09-19 | CVE-2024-47162 | In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page | Youtrack | 5.3 | ||
| 2020-04-22 | CVE-2020-11693 | JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue. | Youtrack | 7.5 |