CVE-2019-0777
Severity
5.4MEDIUM
EPSS
0.8%
top 25.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 9
Latest updateMay 24
Description
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7
Affected Packages3 packages
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-5h3x-73w2-c5q7: A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Ser↗2022-05-14
CVEList▶
CVE-2019-0777: A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Ser↗2019-04-09
📋Vendor Advisories
3Microsoft▶
The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir NULL NULL) and files using g_file_replace_contents (kfsb-↗2019-06-11