Wesley Wineberg

**Name of the Vulnerable Software and Affected Versions** Azure DevOps Server and Team Foundation Server (affected versions not specified) **Description** The issue exists due to inadequate protection of the web page structure in the Azure DevOps Server and Team Foundation Server software suite. Exploitation of this issue could allow a remote attacker to impact the confidentiality and integrity of protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure DevOps Server (affected versions not specified) **Description** The issue exists due to the failure to neutralize special elements, which can be exploited by a remote attacker using a specially crafted link to impact the confidentiality and integrity of protected information. This is related to a spoofing vulnerability when the software fails to properly handle web requests. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure DevOps Server and Team Foundation Server (affected versions not specified) **Description** The issue is related to a lack of input sanitization in Azure DevOps Server and Team Foundation Server, which can be exploited by a remote attacker to perform cross-site scripting (XSS) attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.