1320 matches found
Cross site scripting
A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867,...
Cross site scripting
A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867,...
Security feature bypass
A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Spoofing Vulnerability'...
CVE-2019-0869
A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'...
CVE-2019-0870
Technical details about CVE-2019-0870 are not provided in the connected documents. The available data include a description of an XSS vulnerability in Azure DevOps Server/TFS and CVSS metrics. Monitor for updates.
CVE-2019-0875
An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka 'Azure DevOps Server Elevation of Privilege Vulnerability'...
CVE-2019-0869
CVE-2019-0869 affects Microsoft Azure DevOps Server (and related Team Foundation Server deployments) where HTML injection/s spoofing can occur due to improper handling of web inputs. The root cause is insufficient sanitization of user-supplied input in web requests, enabling attacker-controlled H...
CVE-2019-0871
A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867,...
CVE-2019-0874
CVE-2019-0874 is an XSS vulnerability in Microsoft Azure DevOps Server (and Team Foundation Server variants) caused by inadequate sanitization of user input. Exploitation could occur when an authenticated user is served a crafted payload, allowing client-side script execution in the context of th...
CVE-2019-0875
Azure DevOps Server 2019 is affected by CVE-2019-0875, an elevation of privilege due to improper enforcement of project permissions. Multiple connected sources (including Red Hat, CNVD, NVD, and Microsoft MSRC entries) corroborate that an attacker with access to a project could exploit a crafted ...
CVE-2019-0871
Azure DevOps Server and Team Foundation Server are affected by a cross-site scripting (XSS) vulnerability due to insufficient validation of user-supplied input. An attacker could exploit this to run scripts in the security context of the current user. CNVD entries describe the issue but do not pr...
CVE-2019-0874
A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'...
CVE-2019-0870
A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867,...
CVE-2019-0867
Azure DevOps Server and Team Foundation Server are affected by a Cross-site Scripting (XSS) vulnerability caused by improper validation/sanitization of user input. The CNVD entries describe a vulnerability where attacker-controlled input could execute scripts in the security context of the curren...
CVE-2019-0867
A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0868,...
CVE-2019-0868
A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867,...
CVE-2019-0857
A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Spoofing Vulnerability'...
CVE-2019-0866
CVE-2019-0866 : Azure DevOps Server and Team Foundation Server are vulnerable to a cross-site scripting (XSS) issue caused by improper sanitization of user-provided input. Base scores (NVD CVSS v3.0: 6.1, MEDIUM) with NETWORK attack vector and UI required, indicating media risk but no full exploi...
CVE-2019-0857
Azure DevOps Server / Team Foundation Server (2019) is affected by CVE-2019-0857, a spoofing vulnerability caused by improper sanitization of user input. The Red Hat and Microsoft advisories describe an attacker with authentication exploiting a crafted payload to bypass security measures and load...
CVE-2019-0866
A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868,...