[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability - CVE-2019-0872

ID: oval:org.secpod.oval:def:54700Date: (C)2019-05-15   (M)2021-06-02
Class: VULNERABILITYFamily: windows




A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to an Azure DevOps server or a Team Foundation server, which will get executed in the context of the user every time a user visits the compromised page.The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, execute malicious code, and use the victim's identity to take actions on the site on behalf of the user, such as change permissions and delete content.

Platform:
Microsoft Windows 10
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Product:
Azure DevOps Server 2019
Microsoft Visual Studio Team Foundation Server 2015 Update 4.2
Microsoft Visual Studio Team Foundation Server 2018 Update 1.2
Microsoft Visual Studio Team Foundation Server 2018 Update 3.2
Microsoft Visual Studio Team Foundation Server 2017 Update 3.1
Reference:
CVE-2019-0872
CVE    1
CVE-2019-0872
CPE    8
cpe:/a:microsoft:visual_studio_team_foundation_server:2017:u3.1
cpe:/a:microsoft:visual_studio_team_foundation_server:2015
cpe:/a:microsoft:visual_studio_team_foundation_server:2017
cpe:/a:microsoft:visual_studio_team_foundation_server:2015:u4.2
...

© SecPod Technologies