Vulnerability Details CVE-2014-10036
Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.2%
CVSS Severity
CVSS v2 Score 4.3
References
- http://confluence.jetbrains.com/display/TCD8/What%27s+New+in+TeamCity+8.1
- http://secunia.com/advisories/57221
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91768
- https://www.netsparker.com/critical-xss-vulnerabilities-in-teamcity/
- http://confluence.jetbrains.com/display/TCD8/What%27s+New+in+TeamCity+8.1
- http://secunia.com/advisories/57221
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91768
- https://www.netsparker.com/critical-xss-vulnerabilities-in-teamcity/
Products affected by CVE-2014-10036
-
cpe:2.3:a:jetbrains:teamcity:-
-
cpe:2.3:a:jetbrains:teamcity:2.0
-
cpe:2.3:a:jetbrains:teamcity:2.1
-
cpe:2.3:a:jetbrains:teamcity:3.0
-
cpe:2.3:a:jetbrains:teamcity:3.1
-
cpe:2.3:a:jetbrains:teamcity:4.0
-
cpe:2.3:a:jetbrains:teamcity:4.0.1
-
cpe:2.3:a:jetbrains:teamcity:4.0.2
-
cpe:2.3:a:jetbrains:teamcity:4.5
-
cpe:2.3:a:jetbrains:teamcity:5.0
-
cpe:2.3:a:jetbrains:teamcity:5.1
-
cpe:2.3:a:jetbrains:teamcity:6.0
-
cpe:2.3:a:jetbrains:teamcity:6.5
-
cpe:2.3:a:jetbrains:teamcity:7.0
-
cpe:2.3:a:jetbrains:teamcity:7.1
-
cpe:2.3:a:jetbrains:teamcity:8.0