CVE-2025-54534
published 2025-07-28CVE-2025-54534: In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page
PriorityP420medium4.8CVSS 3.1
AVNACLPRHUIRSCCLILAN
EPSS
0.73%
49.7th percentile
In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jetbrains | teamcity | < 2025.07 | 2025.07 |
CVSS provenance
nvdv3.14.8MEDIUMCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
vendor_oracle7.5CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-23w3-3c8p-hvh3: In JetBrains TeamCity before 2025
ghsa_unreviewed·2025-07-28
CVE-2025-54534 [MEDIUM] CWE-79 GHSA-23w3-3c8p-hvh3: In JetBrains TeamCity before 2025
In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page
Oracle
Oracle Oracle Java SE Risk Matrix: JavaFX (WebKitGTK) — CVE-2024-54534
vendor_oracle·2025-04-15·CVSS 7.5
CVE-2024-54534 [CRITICAL] Oracle Oracle Java SE Risk Matrix: JavaFX (WebKitGTK) — CVE-2024-54534
Oracle Oracle Java SE Risk Matrix: JavaFX (WebKitGTK) vulnerability
CVE: CVE-2024-54534
CVSS: 7.5
Protocol: Multiple
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2025 (APR 2025)
No detection rules found.
No public exploits indexed.
2025-07-28
Published