Cross-site Scripting Vulnerability in Azure DevOps Server and Team Foundation Server
CVE-2019-0871
6.1MEDIUM
Key Information:
- Vendor
Microsoft
- Vendor
- CVE Published:
- 9 April 2019
What is CVE-2019-0871?
A Cross-site Scripting (XSS) vulnerability is identified in Azure DevOps Server and Team Foundation Server due to inadequate sanitization of user-generated input. This flaw could allow attackers to inject malicious scripts, potentially leading to unauthorized actions or data exposure within the application.
Affected Version(s)
Azure DevOps Server 2019
Team Foundation Server 2017 Update 3.1
Team Foundation Server 2018 Update 1.2