Primary

Context

JetBrains TeamCity DOM-Based Cross-Site Scripting Vulnerability

Vulnerability

Patched

A vulnerability allowing for multiple DOM-based cross-site scripting (XSS) attacks has been identified in JetBrains TeamCity versions prior to 2024.12.2. This issue was reported by a JetBrains team member and is documented in the TeamCity issue tracker.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.

Reproduction

To reproduce this vulnerability, navigate to the Code Inspection Report tab in JetBrains TeamCity. The XSS can be triggered by manipulating the DOM in a way that injects malicious scripts, which are then executed.

Remediation

Users can update to JetBrains TeamCity version 2024.12.2 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

1.7

exploitability

5.3

remediation

7.7

relevance

0.0

threat

1.9

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

1.7

exploitability

5.3

remediation

7.7

relevance

0.0

threat

1.9

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

JetBrains TeamCity DOM-Based Cross-Site Scripting Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

JetBrains TeamCity

JetBrains YouTrack

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating