Cross site scripting

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867,...

CVE-2019-0874

CVE-2019-0874 is an XSS vulnerability in Microsoft Azure DevOps Server (and Team Foundation Server variants) caused by inadequate sanitization of user input. Exploitation could occur when an authenticated user is served a crafted payload, allowing client-side script execution in the context of th...

CVE-2019-0871

Azure DevOps Server and Team Foundation Server are affected by a cross-site scripting (XSS) vulnerability due to insufficient validation of user-supplied input. An attacker could exploit this to run scripts in the security context of the current user. CNVD entries describe the issue but do not pr...

CVE-2019-0870

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867,...

CVE-2019-0875

An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka 'Azure DevOps Server Elevation of Privilege Vulnerability'...

CVE-2019-0875

Azure DevOps Server 2019 is affected by CVE-2019-0875, an elevation of privilege due to improper enforcement of project permissions. Multiple connected sources (including Red Hat, CNVD, NVD, and Microsoft MSRC entries) corroborate that an attacker with access to a project could exploit a crafted ...

CVE-2019-0869

A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'...

CVE-2019-0874

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'...

CVE-2019-0870

Technical details about CVE-2019-0870 are not provided in the connected documents. The available data include a description of an XSS vulnerability in Azure DevOps Server/TFS and CVSS metrics. Monitor for updates.

CVE-2019-0871

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867,...

CVE-2019-0867

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0868,...

CVE-2019-0866

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868,...

CVE-2019-0868

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867,...

CVE-2019-0857

Azure DevOps Server / Team Foundation Server (2019) is affected by CVE-2019-0857, a spoofing vulnerability caused by improper sanitization of user input. The Red Hat and Microsoft advisories describe an attacker with authentication exploiting a crafted payload to bypass security measures and load...

CVE-2019-0866

CVE-2019-0866 : Azure DevOps Server and Team Foundation Server are vulnerable to a cross-site scripting (XSS) issue caused by improper sanitization of user-provided input. Base scores (NVD CVSS v3.0: 6.1, MEDIUM) with NETWORK attack vector and UI required, indicating media risk but no full exploi...

CVE-2019-0867

Azure DevOps Server and Team Foundation Server are affected by a Cross-site Scripting (XSS) vulnerability caused by improper validation/sanitization of user input. The CNVD entries describe a vulnerability where attacker-controlled input could execute scripts in the security context of the curren...

CVE-2019-0857

A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Spoofing Vulnerability'...

CVE-2019-0868

Affected products: Azure DevOps Server and Team Foundation Server (TFS). Vulnerability type: Cross‑Site Scripting (XSS) caused by improper validation of user‑supplied input. Impact (as described): Potential for an attacker to execute scripts in the security context of the current user. Root cause...

Azure DevOps Server HTML Injection Vulnerability

A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive information. An...

Azure DevOps Server Cross-site Scripting Vulnerability

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server does not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the us...