Cross-site Scripting Vulnerability in Azure DevOps Server and Team Foundation Server
CVE-2019-0871

6.1MEDIUM

Key Information:

Vendor
Microsoft
Status
Team Foundation Server
Team Foundation Server 2018
Azure Devops Server
Vendor
CVE Published:
9 April 2019

Summary

A Cross-site Scripting (XSS) vulnerability is identified in Azure DevOps Server and Team Foundation Server due to inadequate sanitization of user-generated input. This flaw could allow attackers to inject malicious scripts, potentially leading to unauthorized actions or data exposure within the application.

Affected Version(s)

Azure DevOps Server 2019

Team Foundation Server 2017 Update 3.1

Team Foundation Server 2018 Update 1.2

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_MISC
http://www.securityfocus.com/bid/107755
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2019-0871 : Cross-site Scripting Vulnerability in Azure DevOps Server and Team Foundation Server | SecurityVulnerability.io