CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-15848

JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 0.3%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://blog.jetbrains.com/teamcity/2019/09/important-security-notice-xss-vulnerability-allowing-rce/
https://gist.github.com/JLLeitschuh/fe6784391254b58de680bbda78a04a70
https://twitter.com/JLLeitschuh/status/1169332316612644864?s=20
https://www.softwaresecured.com/jetbrains-teamcity-reflected-xss/
https://blog.jetbrains.com/teamcity/2019/09/important-security-notice-xss-vulnerability-allowing-rce/
https://gist.github.com/JLLeitschuh/fe6784391254b58de680bbda78a04a70
https://twitter.com/JLLeitschuh/status/1169332316612644864?s=20
https://www.softwaresecured.com/jetbrains-teamcity-reflected-xss/

Products affected by CVE-2019-15848

Jetbrains » Teamcity » Version: 2019.1

cpe:2.3:a:jetbrains:teamcity:2019.1
Jetbrains » Teamcity » Version: 2019.1.1

cpe:2.3:a:jetbrains:teamcity:2019.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-15848

Products

Pricing

Contact Us