CVE-2019-1076

Name of the Vulnerable Software and Affected Versions Team Foundation Server (affected versions not specified)

Description A Cross-site Scripting (XSS) issue exists due to improper sanitization of user-provided input. This could allow a remote attacker to execute arbitrary code in the context of the current user by sending a specially crafted request to the Team Foundation Server. The vulnerability is related to the lack of input data sanitization measures in the Azure DevOps Server and Team Foundation Server collaborative software development toolkit and project management and version control system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.