CVE-2019-1076: XSS
First published: Mon Jul 15 2019(Updated: )
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Team Foundation Server | =2018-3.2 | |
| Microsoft Azure DevOps Server | =2019.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-1076?
CVE-2019-1076 is a Cross-site Scripting (XSS) vulnerability that exists in Team Foundation Server and Azure DevOps Server.
How does the CVE-2019-1076 vulnerability occur?
The CVE-2019-1076 vulnerability occurs when Team Foundation Server does not properly sanitize user provided input.
What is the severity of CVE-2019-1076?
The severity of CVE-2019-1076 is medium with a CVSS score of 5.4.
Which software is affected by CVE-2019-1076?
Team Foundation Server 2018 (version 2018-3.2) and Azure DevOps Server 2019.0.1 are affected by CVE-2019-1076.
How can I fix CVE-2019-1076?
To fix CVE-2019-1076, it is recommended to apply the necessary security patches provided by Microsoft.
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft team foundation server
- version/microsoft team foundation server/2018-3.2
- canonical/microsoft azure devops server
- version/microsoft azure devops server/2019.0.1