Cross-Site Scripting Vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1
CVE-2012-1892

Currently unrated

Key Information:

Vendor: Microsoft
Status: Visual Studio Team Foundation Server
Vendor: CVE Published:; 11 September 2012

Summary

A cross-site scripting vulnerability exists in Microsoft Visual Studio Team Foundation Server 2010 SP1, allowing remote attackers to inject arbitrary web scripts or HTML into the application through an unspecified parameter. This can compromise the security of the web application and potentially lead to the exposure of sensitive data.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.us-cert.gov/cas/techalerts/TA12-255A.html

third-party-advisoryx_refsource_CERT

EPSS Score

44% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 11, 2012
Vulnerability Reserved
Mar 22, 2012