CVE-2024-35302 MEDIUM

CVE-2024-35302

Vendor Jetbrains

Product TeamCity

Weakness CWE-79 · XSS

Published May 16, 2024

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible

Key dates

02Disclosure timeline

May 16, 2024 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-35302 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-25129 WordPress Callback Request plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-13386 quote-posttype-plugin <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-49088 Cacti has incomplete fix for CVE-2023-39515 CVE-2022-3897 WP Affiliate Platform <= 6.3.9 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2025-26882 WordPress Popup Builder plugin <= 1.1.33 - Cross Site Scripting (XSS) vulnerability