Stored XSS Vulnerability in JetBrains YouTrack Due to Improper HTML Sanitization

CVE-2024-50582

What is CVE-2024-50582?

A stored cross-site scripting (XSS) vulnerability has been identified in JetBrains YouTrack prior to version 2024.3.47707. This flaw arises from improper HTML sanitization in markdown elements, enabling attackers to inject malicious scripts that can be executed in the context of the user’s browser, potentially compromising sensitive user data and application integrity.

References