The host is installed with Jetbrains Teamcity less than 2019.1.2 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle issues in HTTP requests. Successful exploitation could allow to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user.