CVE-2019-1305

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

5.4MEDIUM

EPSS

0.6%

top 30.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Azure Devops Server Microsoft Team Foundation Server Microsoft Team Foundation Server 2015 +1 more

Timeline

PublishedSep 11

Latest updateMay 24

Description

A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages6 packages

▶CVEListV5microsoft/team_foundation_server2017 Update 3.1

▶NVDmicrosoft/team_foundation_server2015, 2017, 2018+2

▶CVEListV5microsoft/team_foundation_server_2015Update 4.2

▶CVEListV5microsoft/team_foundation_server_2018Update 1.2, Update 3.2+1

▶CVEListV5microsoft/azure_devops_server2019.0.1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-33xh-mrrx-855g: A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Ser↗2022-05-24

▶

CVEList

CVE-2019-1305: A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Ser↗2019-09-11

▶

📋Vendor Advisories

Microsoft

Team Foundation Server Cross-site Scripting Vulnerability↗2019-09-10

▶