Cross-site Scripting Vulnerability in Team Foundation Server by Microsoft
CVE-2019-1305

5.4MEDIUM

Key Information:

Vendor: Microsoft
Status: Team Foundation Server; Team Foundation Server 2018; Team Foundation Server 2015; Azure Devops Server
Vendor: CVE Published:; 11 September 2019

Summary

An issue has been identified within Team Foundation Server that allows an attacker to exploit improper input sanitization, leading to a Cross-site Scripting (XSS) vulnerability. This can enable malicious users to inject arbitrary scripts into web pages viewed by other users, potentially allowing unauthorized actions or data theft. Proper mitigation strategies and timely updates are crucial for maintaining the security of affected installations.

Affected Version(s)

Azure DevOps Server 2019.0.1

Team Foundation Server 2017 Update 3.1

Team Foundation Server 2015 Update 4.2

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 11, 2019
Vulnerability Reserved
Nov 26, 2018