PT-2025-6219 · Jetbrains · Teamcity
Published
2025-02-11
·
Updated
2025-12-29
·
CVE-2025-26493
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
JetBrains TeamCity versions prior to 2024.12.2
Description
The issue concerns a DOM-based cross-site scripting (XSS) condition in the Code Inspection Report tab. This occurs due to insufficient protection of the web page structure. Exploitation could allow an attacker to execute malicious scripts in the context of a user's browser. The affected component is the Code Inspection Report tab. The vulnerability allows for multiple instances of DOM-based XSS.
Recommendations
Versions prior to 2024.12.2 should be updated to version 2024.12.2 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Teamcity