HTML Injection Vulnerability in JetBrains Hub by JetBrains
CVE-2021-37541

6.1MEDIUM

Key Information:

Vendor: Jetbrains
Status: Hub
Vendor: CVE Published:; 6 August 2021

What is CVE-2021-37541?

An HTML injection vulnerability exists in JetBrains Hub versions prior to 2021.1.13402. This weakness allows an attacker to manipulate the content of password reset emails, potentially leading to unsolicited email content delivery that could mislead users. By exploiting this flaw, attackers can inject arbitrary HTML into the reset email, potentially confusing the user and impacting trust in the email communication.

References

https://blog.jetbrains.com/blog/2021/08/05/jetbrains-secu...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 6, 2021
Vulnerability Reserved
Jul 26, 2021

Jetbrains

What is CVE-2021-37541?

References

CVSS V3.1

Timeline