CVE-2023-39175 MEDIUM

CVE-2023-39175

Vendor Jetbrains

Product TeamCity

Weakness CWE-79 · XSS

Published July 25, 2023

Last update October 15, 2024

View on NVD All CVEs

CVSS base score

4.6/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible

Key dates

02Disclosure timeline

July 25, 2023 CVE published

October 15, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-39175 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-7309 SourceCodester Record Management System entry.php cross site scripting CVE-2023-20145 Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities CVE-2024-51674 WordPress Sastra Essential Addons for Elementor plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability CVE-2019-12667 Cisco IOS XE Software Stored Cross-Site Scripting Vulnerability CVE-2023-24394 WordPress iframe popup Plugin <= 3.3 is vulnerable to Cross Site Scripting (XSS)