CVE-2019-1305
https://notcve.org/view.php?id=CVE-2019-1305
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. Se presenta una vulnerabilidad de tipo Cross-site Scripting (XSS) cuando Team Foundation Server no sanea apropiadamente la entrada proporcionada por el usuario, también se conoce como "Team Foundation Server Cross-site Scripting Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1305 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-1306 – Microsoft Azure DevOps Server Markdown Indexing Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-1306
A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'. Se presenta una vulnerabilidad de ejecución de código remota cuando Azure DevOps Server (ADO) y Team Foundation Server (TFS) no pueden comprobar la entrada apropiadamente, también se conoce como "Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure DevOps Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of markdown files during indexing of wiki content. A crafted document uploaded to a wiki can trigger the deserialization of untrusted data. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1306 • CWE-20: Improper Input Validation •
CVE-2019-1076
https://notcve.org/view.php?id=CVE-2019-1076
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. Se presenta una vulnerabilidad de Cross-site-Scripting (XSS) cuando Team Foundation Server no sanea apropiadamente la entrada proporcionada por el usuario, también se conoce como "Team Foundation Server Cross-site Scripting Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1076 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-1072
https://notcve.org/view.php?id=CVE-2019-1072
A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'. Existe una vulnerabilidad de ejecución de código remota cuando Azure DevOps Server y Team Foundation Server (TFS), manejan inapropiadamente las entradas de los usuarios, también se conoce como "Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1072 • CWE-20: Improper Input Validation •