CVE-2022-28650: XSS
First published: Tue Apr 05 2022(Updated: )
In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI
Credit: security@jetbrains.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jetbrains Youtrack | <2022.1.43700 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-28650.
What is the severity of CVE-2022-28650?
The severity of CVE-2022-28650 is high (CVSS score 5.4).
What is affected by CVE-2022-28650?
JetBrains YouTrack versions before 2022.1.43700 are affected by this vulnerability.
How can an attacker exploit this vulnerability?
An attacker can inject JavaScript into Markdown in the YouTrack Classic UI.
Is there a fix available for CVE-2022-28650?
Yes, updating to JetBrains YouTrack version 2022.1.43700 or newer fixes this vulnerability.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/jetbrains
- canonical/jetbrains youtrack