The host is installed with JetBrains TeamCity before 2023.05.1 and is prone to a reflected XSS vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. On successful exploitation, reflected XSS via the Referer header was possible during artifact downloads.