← Back

CVE-2018-8602

nvd nist
Published: Nov 14, 2018Modified: Nov 21, 2024

JSON object

Loading...
5.4
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 / Impact: 2.7
Source: NVD

Description

A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server Cross-site Scripting Vulnerability." This affects Team.

Affected (4)

Microsoft
1 product
Team Foundation Server
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Team Foundation Server
Version 2017 3.1
Team Foundation Server
Version 2018 1.1
Team Foundation Server
Version 2018 3.0
Team Foundation Server
Version 2018 3.1

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

Source: secure@microsoft.com
Third Party AdvisoryVDB Entry
Source: secure@microsoft.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.