CVE-2020-1326 — Cross-site Scripting in Microsoft Azure Devops Server

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

5.4MEDIUMNVD

EPSS

0.5%

top 32.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Azure Devops Server Microsoft Azure Devops Server 2019 Microsoft Azure Devops Server 2019 Update 1.1

Timeline

PublishedJul 14

Latest updateMay 24

Description

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages4 packages

▶CVEListV5microsoft/azure_devops_server2019.0.1

▶NVDmicrosoft/azure_devops_server2019, 2019.0.1+1

▶CVEListV5microsoft/azure_devops_server_2019Update 1

▶CVEListV5microsoft/azure_devops_server_2019_update_1.1unspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-j682-xgwv-63h4: A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cr↗2022-05-24

▶

CVEList

CVE-2020-1326: A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cr↗2020-07-14

▶

📋Vendor Advisories

Microsoft

Azure DevOps Server Cross-site Scripting Vulnerability↗2020-07-14

▶

💬Community

Bugzilla

CVE-2020-9308 libarchive: attempts to unpack a RAR5 file with an invalid or corrupted header leads to a SIGSEGV↗2020-02-21

▶