CVE-2020-0700

CWE-79 — Cross-site Scripting (XSS)5 documents5 sources

Severity

5.4MEDIUM

EPSS

0.5%

top 32.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Azure Devops Server Microsoft Azure Devops Server 2019 Microsoft Azure Devops Server 2019 Update 1.1 +2 more

Timeline

PublishedMar 12

Latest updateMay 24

Description

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages7 packages

▶CVEListV5microsoft/azure_devops_server2019.0.1

▶NVDmicrosoft/azure_devops_server2019.0.1

▶CVEListV5microsoft/azure_devops_server_2019Update 1

▶CVEListV5microsoft/azure_devops_server_2019_update_1.1unspecified

▶CVEListV5microsoft/team_foundation_server2017 Update 3.1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-vqxj-cwvp-vwpq: A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cr↗2022-05-24

▶

CVEList

CVE-2020-0700: A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cr↗2020-03-12

▶

💥Exploits & PoCs

Exploit-DB

WSO2 3.1.0 - Persistent Cross-Site Scripting↗2020-04-14

▶

📋Vendor Advisories

Microsoft

Azure DevOps Server Cross-site Scripting Vulnerability↗2020-03-10

▶