Cross-site Scripting Vulnerability in Azure DevOps Server and Team Foundation Server
CVE-2019-0870
6.1MEDIUM
Key Information:
- Vendor
Microsoft
- Vendor
- CVE Published:
- 9 April 2019
What is CVE-2019-0870?
A Cross-site Scripting (XSS) vulnerability exists in Azure DevOps Server and Team Foundation Server due to improper sanitization of user-provided input. Attackers could exploit this vulnerability to inject malicious scripts, potentially compromising the integrity and confidentiality of user data. It is essential for organizations using these products to apply necessary security updates and follow best practices in input validation to mitigate associated risks.
Affected Version(s)
Azure DevOps Server 2019
Team Foundation Server 2017 Update 3.1
Team Foundation Server 2018 Update 1.2