Home

CVE-2019-0979

Description

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability. This CVE ID is unique from CVE-2019-0872.

Risk Information

Base Score
5.4
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.455

Associated Vulnerability

VulnerabilityOS Platform
Microsoft Office SharePoint XSS Vulnerability for Microsoft SharePoint Enterprise Server 2013 (KB4464511)Windows
Microsoft Office SharePoint XSS Vulnerability for Microsoft SharePoint Enterprise Server 2016 (KB4464510)Windows
Microsoft Office SharePoint XSS Vulnerability for Microsoft SharePoint Foundation 2010 (KB4464528)Windows
Microsoft Office SharePoint XSS Vulnerability for 2010 Microsoft Business Productivity Servers (KB4464525)Windows
Microsoft Office SharePoint XSS Vulnerability for Microsoft SharePoint Foundation 2013 (KB4464515)Windows
Microsoft Office SharePoint XSS Vulnerability for Microsoft SharePoint Server 2019 Core (KB4464518)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-26450Security Update for Microsoft SharePoint Enterprise Server 2013 (KB4464511)
PATCH-26457Security Update for Microsoft SharePoint Enterprise Server 2016 (KB4464510)
PATCH-26441Security Update for 2010 Microsoft Business Productivity Servers (KB4464525)
PATCH-26449Security Update for Microsoft SharePoint Foundation 2013 (KB4464515)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234