CVE-2019-1305

Name of the Vulnerable Software and Affected Versions Team Foundation Server (affected versions not specified) Azure DevOps Server (affected versions not specified)

Description The issue is related to a lack of protection for the web page structure in Team Foundation Server and Azure DevOps Server. This can be exploited by a remote attacker to perform a cross-site scripting attack. The vulnerability exists due to improper sanitization of user-provided input.

Recommendations For Team Foundation Server, ensure proper sanitization of user input to prevent cross-site scripting attacks. For Azure DevOps Server, consider implementing additional security measures to protect against cross-site scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.