Cross-site Scripting Vulnerability in Azure DevOps Server and Team Foundation Server
CVE-2019-0866
6.1MEDIUM
Key Information:
- Vendor
Microsoft
- Status
- Vendor
- CVE Published:
- 9 April 2019
What is CVE-2019-0866?
A Cross-site Scripting (XSS) vulnerability exists in Azure DevOps Server and Team Foundation Server due to inadequate sanitization of user-provided input. This flaw may allow attackers to execute arbitrary scripts in a user’s context, potentially leading to unauthorized access and data leakage. Proper sanitization measures are essential to mitigate the risks associated with this vulnerability.
Affected Version(s)
Azure DevOps Server 2019
Team Foundation Server 2017 Update 3.1
Team Foundation Server 2015 Update 4.2