CVE-2019-14961

JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in a code block comments, leading to XSS.
Source: NIST
CVE-2019-14961