[Forgot Password]
Login  Register Subscribe

24547

 
 

132763

 
 

127571

 
 

909

 
 

105400

 
 

152

Paid content will be excluded from the download.


Download | Alert*
OVAL

Team Foundation Server Cross-site Scripting Vulnerability - CVE-2019-1076

ID: oval:org.secpod.oval:def:57360Date: (C)2019-07-11   (M)2019-07-18
Class: VULNERABILITYFamily: windows




A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the user every time a user visits the compromised page. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, execute malicious code, and use the victim's identity to take actions on the site on behalf of the user, such as change permissions and delete content.

Platform:
Microsoft Windows 10
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Product:
Azure DevOps Server 2019
Microsoft Visual Studio Team Foundation Server 2018 Update 3.2
Reference:
CVE-2019-1076
CVE    1
CVE-2019-1076
CPE    3
cpe:/a:microsoft:visual_studio_team_foundation_server:2018
cpe:/o:microsoft:azure_devops_server_2019
cpe:/a:microsoft:visual_studio_team_foundation_server:2018:u3.2

© SecPod Technologies