What the vulnerability does
01Description
In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible
CVSS base score
8.7/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Key dates
02Disclosure timeline
May 29, 2026
CVE published
May 29, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2026-27156 NiceGUI has XSS via Code Injection
CVE-2023-47125 By-passing Cross-Site Scripting Protection in HTML Sanitizer
CVE-2025-2806 tagDiv Composer <= 5.3 - Reflected Cross-Site Scripting via 'data'
CVE-2025-64598 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-3517 Shortcodes and extra features for Phlox theme <= 2.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Widget
