First published: Tue May 11 2021(Updated: )
In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Jetbrains Youtrack | <2020.6.6441 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2021-27733.
The severity of CVE-2021-27733 is medium with a severity value of 5.4.
An attacker can exploit CVE-2021-27733 by attaching a malicious file to an issue in JetBrains YouTrack before version 2020.6.6441, which can lead to stored cross-site scripting (XSS) attacks.
To check if your version of JetBrains YouTrack is affected by CVE-2021-27733, verify that your version is earlier than 2020.6.6441.
To fix CVE-2021-27733, update your JetBrains YouTrack installation to version 2020.6.6441 or later.