CVE-2019-0866: XSS
First published: Tue Apr 09 2019(Updated: )
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Azure DevOps Server | =2019 | |
| Microsoft Team Foundation Server | =2015-4.2 | |
| Microsoft Team Foundation Server | =2017-3.1 | |
| Microsoft Team Foundation Server | =2018-1.2 | |
| Microsoft Team Foundation Server | =2018-3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-0866?
CVE-2019-0866 is a Cross-site Scripting (XSS) vulnerability in Azure DevOps Server and Team Foundation Server.
How does CVE-2019-0866 affect Azure DevOps Server and Team Foundation Server?
CVE-2019-0866 allows attackers to execute malicious scripts in the user's web browser, potentially leading to unauthorized actions or data theft.
What is the severity of CVE-2019-0866?
CVE-2019-0866 has a severity rating of 6.1 (medium).
How can I fix the CVE-2019-0866 vulnerability?
To fix CVE-2019-0866, Microsoft has released security updates for affected versions of Azure DevOps Server and Team Foundation Server. Apply the latest updates to ensure the vulnerability is patched.
Where can I find more information about CVE-2019-0866?
You can find more information about CVE-2019-0866 on the Microsoft Security Guidance page and the SecurityFocus website.
- collector/nvd-index
- vendor/microsoft
- product/azure devops server
- canonical/microsoft azure devops server
- product/team foundation server
- canonical/microsoft team foundation server