JetBrains Upsource Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Vulnerability 

Summary

JetBrains Upsource before 2019.1.1412 did not properly escape HTML tags in code block comments, leading to XSS.

 

Credit:

Vulnerable Systems: 

JetBrains Upsource before 2019.1.1412

CVE Information:

CVE-2019-14961 

Disclosure Timeline:

Published Date: 10/01/2019

 


Details

Vulnerable Systems: 

JetBrains YouTrack versions before 2019.1.52545

CVE Information:

CVE-2019-15041

Disclosure Timeline:

Published Date: 10/01/2019