Stored XSS Vulnerability in JetBrains TeamCity Software
CVE-2023-34220
5.4MEDIUM
What is CVE-2023-34220?
A vulnerability in JetBrains TeamCity prior to version 2023.05 allows for stored Cross-Site Scripting (XSS) within the Commit Status Publisher window. This flaw can be exploited by attackers to inject malicious scripts that affect users interacting with affected components, potentially leading to unauthorized actions and compromised data integrity.
Affected Version(s)
TeamCity 0 < 2023.05
References
EPSS Score
5% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved