CVE-2019-1305

Summary

A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.

Affected Software

VendorProductVersion RangeStatus
MicrosoftTeam Foundation Server2017 Update 3.1affected
MicrosoftTeam Foundation Server 2018Update 1.2affected
MicrosoftTeam Foundation Server 2018Update 3.2affected
MicrosoftTeam Foundation Server 2015Update 4.2affected
MicrosoftAzure DevOps Server2019.0.1affected

Weaknesses

  • Spoofing

ADP Enrichment

CVE Program Container

Additional References

References