CVE-2026-49384
MEDIUMJetbrains PyCharm < 2025.3.4 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Title source: ruleDescription
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible
References (1)
Core 1
Core References
Scores
CVSS v3
6.1
EPSS
0.0018
EPSS Percentile
7.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (2)
JetBrains/PyCharm
< 2025.3.4
jetbrains/pycharm
< 2025.3.4
Published
May 29, 2026
Tracked Since
May 30, 2026