CVE-2019-0874: XSS
First published: Tue Apr 09 2019(Updated: )
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Azure DevOps Server |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-0874?
CVE-2019-0874 is a Cross-site Scripting (XSS) vulnerability in Azure DevOps Server.
How does the vulnerability in CVE-2019-0874 occur?
The vulnerability occurs when Azure DevOps Server fails to properly sanitize user-provided input, leading to a Cross-site Scripting (XSS) vulnerability.
What is the severity rating of CVE-2019-0874?
The severity rating of CVE-2019-0874 is medium with a CVSS score of 6.1.
What is the Common Weakness Enumeration (CWE) ID associated with CVE-2019-0874?
The Common Weakness Enumeration (CWE) ID associated with CVE-2019-0874 is CWE-79 (Cross-site Scripting).
How can I fix the Azure DevOps Server Cross-site Scripting vulnerability (CVE-2019-0874)?
To fix the vulnerability, it is recommended to apply the necessary security updates or patches provided by Microsoft.
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft azure devops server