What the vulnerability does
01Description
In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI
CVSS base score
7.3/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Key dates
02Disclosure timeline
April 5, 2022
CVE published
August 3, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-13581 Simple Charts <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-22706 WordPress Social Pug: Author Box plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2019-12716 Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
CVE-2022-50945 WordPress 3dady Real-Time Web Stats 1.0 Stored XSS
CVE-2021-24528 FluentSMTP < 2.0.1 - Authenticated Stored XSS
