CVE-2019-0979

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

5.4MEDIUM

EPSS

0.5%

top 36.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Azure Devops Server Microsoft Team Foundation Server Microsoft Team Foundation Server 2018

Timeline

PublishedMay 16

Latest updateMay 24

Description

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0872.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages5 packages

▶CVEListV5microsoft/azure_devops_server2019

▶NVDmicrosoft/azure_devops_server2019

▶CVEListV5microsoft/team_foundation_server2017 Update 3.1

▶NVDmicrosoft/team_foundation_server2017, 2018+1

▶CVEListV5microsoft/team_foundation_server_2018Update 1.2, Update 3.2+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-vgfq-m53c-p426: A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, ak↗2022-05-24

▶

CVEList

CVE-2019-0979: A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, ak↗2019-05-16

▶

📋Vendor Advisories

Microsoft

Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability↗2019-05-14

▶