In JetBrains YouTrack before 2021.3.21051, stored XSS is possible.
youtrack
CVE-2021-37554
In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions.
CVE-2021-37553
In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.
CVE-2021-37551
In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.
CVE-2021-37552
In JetBrains YouTrack before 2021.2.17925, stored XSS was possible.
CVE-2021-37550
In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used.