CVE-2024-50581 MEDIUM

CVE-2024-50581

Vendor Jetbrains

Product YouTrack

Weakness CWE-79 · XSS

Published October 28, 2024

Last update October 28, 2024

View on NVD All CVEs

CVSS base score

4.6/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag

Key dates

02Disclosure timeline

October 28, 2024 CVE published

October 28, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-50581

Related vulnerabilities

04Related CVE

CVE-2024-12439 Marketplace Items <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'marketplace' Shortcode CVE-2021-36866 WordPress Easy Pricing Tables plugin <= 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability CVE-2024-51901 WordPress Smooth Maps plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability CVE-2022-2681 SourceCodester Online Student Admission System Student User Page edit-profile.php cross site scripting CVE-2022-25604 WordPress Price Table plugin <= 0.2.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability