Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible
AnalysisAI
In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible Affected products include: Jetbrains Hub. Version information: before 2024.2.34646.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-leve
Authentication bypass in JetBrains Hub (the identity and account-management server behind TeamCity, YouTrack, and other
Account takeover in JetBrains Hub is possible through predictable restore codes, affecting all versions prior to 2026.1.
Hub v2.0 property management system allows unauthenticated arbitrary file upload via /utils/uploadFile. Malicious PDF fi
In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. Rated critical severity (CVSS 9.8), this vulne
In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed. Rated critical severity
In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset. Rated critical severity (CVSS
JetBrains Hub before 2025.3.119807 has an authentication bypass allowing administrative actions without proper credentia
JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). Rated critical severity (C
Privilege escalation in JetBrains Hub (versions prior to 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024
The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlin
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today