First published: Tue Apr 09 2019(Updated: )
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Azure DevOps Server | =2019 | |
Microsoft Team Foundation Server | =2015-4.2 | |
Microsoft Team Foundation Server | =2017-3.1 | |
Microsoft Team Foundation Server | =2018-1.2 | |
Microsoft Team Foundation Server | =2018-3.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-0866 is a Cross-site Scripting (XSS) vulnerability in Azure DevOps Server and Team Foundation Server.
CVE-2019-0866 allows attackers to execute malicious scripts in the user's web browser, potentially leading to unauthorized actions or data theft.
CVE-2019-0866 has a severity rating of 6.1 (medium).
To fix CVE-2019-0866, Microsoft has released security updates for affected versions of Azure DevOps Server and Team Foundation Server. Apply the latest updates to ensure the vulnerability is patched.
You can find more information about CVE-2019-0866 on the Microsoft Security Guidance page and the SecurityFocus website.