In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible

In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log

In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible

In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations

In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible

JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.

In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible

In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms

In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message

In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible