Microsoft Team Foundation Server CVE-2018-8602 Cross Site Scripting Vulnerability

Bugtraq ID:	105895
Class:	Input Validation Error
CVE:	CVE-2018-8602
Remote:	Yes
Local:	No
Published:	Nov 13 2018 12:00AM
Updated:	Nov 13 2018 12:00AM
Credit:	Microsoft
Vulnerable:	Microsoft Team Foundation Server 2018 Update 3.1 Microsoft Team Foundation Server 2018 Update 3 Microsoft Team Foundation Server 2018 Update 1.1 Microsoft Team Foundation Server 2017 Update 3.1
Not Vulnerable:

Microsoft Team Foundation Server CVE-2018-8602 Cross Site Scripting Vulnerability

Microsoft Team Foundation Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to perform unauthorized actions such as reading, modifying, or deleting content on behalf of the victim on the SharePoint site.

Microsoft Team Foundation Server CVE-2018-8602 Cross Site Scripting Vulnerability

An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage.

Microsoft Team Foundation Server CVE-2018-8602 Cross Site Scripting Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Microsoft Team Foundation Server CVE-2018-8602 Cross Site Scripting Vulnerability

References:

• Microsoft Homepage (Microsoft)
  
• CVE-2018-8602 | Team Foundation Server Cross-site Scripting Vulnerability (Microsoft)