CVE-2024-56352 MEDIUM

CVE-2024-56352

Vendor Jetbrains

Product TeamCity

Weakness CWE-79 · XSS

Published December 20, 2024

Last update December 20, 2024

View on NVD All CVEs

CVSS base score

4.6/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page

Key dates

02Disclosure timeline

December 20, 2024 CVE published

December 20, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-56352 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-53989 WordPress JetBlocks For Elementor plugin <= 1.3.19 - Cross Site Scripting (XSS) Vulnerability CVE-2023-36886 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability CVE-2025-7500 Ocean Social Sharing <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-53462 WordPress SAPO Feed plugin <= 2.4.2 - Cross Site Scripting (XSS) vulnerability CVE-2025-53275 WordPress Leyka plugin <= 3.32.1 - Cross Site Scripting (XSS) vulnerability