In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible.Referenceshttps://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/
