CVE-2019-0646
published 2019-01-17CVE-2019-0646: A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server…
PriorityP424medium5.4CVSS 3.0
AVNACLPRLUIRSCCLILAN
EPSS
1.46%
70.3th percentile
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server Cross-site Scripting Vulnerability." This affects Team.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | team | — | — |
| microsoft | team_foundation_server | — | — |
| msrc | team_foundation_server_2018_update_3.2 | — | — |
CVSS provenance
nvdv3.05.4MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:P/A:N
vendor_msrc5.4HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Team Foundation Server Cross-site Scripting Vulnerability
vendor_msrc·2019-01-08·CVSS 5.4
CVE-2019-0646 [MEDIUM] Team Foundation Server Cross-site Scripting Vulnerability
Team Foundation Server Cross-site Scripting Vulnerability
Description: A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the user every time a user visits the compromised page.
The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, execute malicious code, and use the victim's identity to take actions on the site on behalf
GHSA
GHSA-c5jp-rpx7-xpxg: A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Ser
ghsa_unreviewed·2022-05-14
CVE-2019-0646 [MEDIUM] CWE-79 GHSA-c5jp-rpx7-xpxg: A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Ser
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server Cross-site Scripting Vulnerability." This affects Team.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-01-17
Published