First published: Tue Apr 09 2019(Updated: )
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0870.
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Team Foundation Server | =2017-3.1 | |
Microsoft Team Foundation Server | =2018-1.2 | |
Microsoft Team Foundation Server | =2018-3.2 | |
Microsoft Azure DevOps Server | =2019 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-0871 is a Cross-site Scripting (XSS) vulnerability that exists in Azure DevOps Server and Team Foundation Server.
The XSS vulnerability occurs when user input is not properly sanitized, allowing malicious scripts to be injected and executed in a victim's browser.
The affected software versions include Microsoft Team Foundation Server versions 2017-3.1, 2018-1.2, and 2018-3.2, as well as Microsoft Azure DevOps Server 2019.
CVE-2019-0871 has a severity rating of 6.1 (medium).
To fix the vulnerability, you should update to the latest version of Azure DevOps Server or Team Foundation Server as recommended by Microsoft.