Stored XSS Vulnerability in JetBrains Space
CVE-2020-11416

5.4MEDIUM

Key Information:

Vendor: Jetbrains
Status: Space
Vendor: CVE Published:; 22 April 2020

What is CVE-2020-11416?

JetBrains Space, prior to the version released on April 22, 2020, is subject to a stored Cross-Site Scripting (XSS) vulnerability that occurs in its chat functionality. This vulnerability could allow an attacker to embed malicious scripts within chat messages, which may then execute in the browser of any user viewing the chat, leading to potential data theft, session hijacking, or other malicious actions.

References

https://blog.jetbrains.com/blog/2020/04/22/jetbrains-secu...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2020
Vulnerability Reserved
Mar 31, 2020

Jetbrains

What is CVE-2020-11416?

References

CVSS V3.1

Timeline