CVE-2021-43186: 
YouTrack vulnerability analysis and mitigation

JetBrains YouTrack before version 2021.3.24402 was found to be vulnerable to stored Cross-Site Scripting (XSS). The vulnerability was reported by Artem Ivanov and was assigned the identifier CVE-2021-43186. The issue was disclosed on November 8, 2021, and affected all versions of YouTrack prior to the patched version (JetBrains Blog, NVD).

The vulnerability is classified as a CWE-79 type, which refers to Improper Neutralization of Input During Web Page Generation (Cross-site Scripting). The CVSS v3.1 base score is 5.4 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction, with potential impact on confidentiality and integrity (NVD).

The stored XSS vulnerability could allow attackers to execute malicious scripts in the context of other users' browsers, potentially leading to theft of sensitive information, session hijacking, or other client-side attacks. The CVSS scoring indicates low impacts on both confidentiality and integrity, with no impact on availability (NVD).

The vulnerability was patched in YouTrack version 2021.3.24402. Users are advised to upgrade to this version or later to mitigate the risk. No alternative workarounds were published (JetBrains Blog).