JetBrains ≫ Teamcity

A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2.

Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html.

Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors.