cve/2019/CVE-2019-0866.md

### [CVE-2019-0866](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0866)
![](https://img.shields.io/static/v1?label=Product&message=Azure%20DevOps%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Team%20Foundation%20Server%202015&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Team%20Foundation%20Server%202018&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Team%20Foundation%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=2017%20Update%203.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=2019%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=Update%201.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=Update%203.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=Update%204.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Spoofing&color=brightgreen)

### Description

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon