CVE-2024-35299
- EPSS 0.01%
- Published 16.05.2024 11:15:47
- Last modified 28.01.2025 16:35:03
In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation
CVE-2024-28230
- EPSS 0.01%
- Published 07.03.2024 12:15:47
- Last modified 16.12.2024 15:05:43
In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions
CVE-2024-28229
- EPSS 0.01%
- Published 07.03.2024 12:15:47
- Last modified 16.12.2024 15:06:00
In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles
CVE-2024-28228
- EPSS 0.01%
- Published 07.03.2024 12:15:46
- Last modified 16.12.2024 15:06:31
In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible
CVE-2024-22370
- EPSS 21.17%
- Published 09.01.2024 10:15:23
- Last modified 21.11.2024 08:56:08
In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible
CVE-2023-50871
- EPSS 0%
- Published 15.12.2023 14:15:15
- Last modified 21.11.2024 08:37:27
In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed
CVE-2023-38068
- EPSS 0%
- Published 12.07.2023 13:15:09
- Last modified 21.11.2024 08:12:47
In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms
CVE-2023-35054
- EPSS 0.04%
- Published 12.06.2023 16:15:10
- Last modified 21.11.2024 08:07:53
In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible
CVE-2023-35053
- EPSS 0%
- Published 12.06.2023 16:15:10
- Last modified 21.11.2024 08:07:53
In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms
CVE-2022-28650
- EPSS 0.01%
- Published 05.04.2022 18:15:08
- Last modified 21.11.2024 06:57:39
In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI