CVE-2020-0700

Summary

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.

Affected Software

VendorProductVersion RangeStatus
MicrosoftAzure DevOps Server2019.0.1affected
MicrosoftTeam Foundation Server 2018Update 3.2affected
MicrosoftTeam Foundation Server 2018Update 1.2affected
MicrosoftTeam Foundation Server2017 Update 3.1affected
MicrosoftAzure DevOps Server 2019Update 1affected
MicrosoftAzure DevOps Server 2019 Update 1.1unspecifiedaffected

Weaknesses

  • Spoofing

ADP Enrichment

CVE Program Container

Additional References

References