Skip to main content

Microsoft Visual Studio Team Foundation Server XSS Vulnerability

Last Update Date: 12 Sep 2012 12:34 Release Date: 12 Sep 2012 4952 Views

RISK: High Risk

TYPE: Servers - Network Management

TYPE: Network Management

A reflected XSS vulnerability exists in Visual Studio Team Foundation Server that could allow an attacker to inject a client-side script into the user's instance of Internet Explorer or any web browser using Team Foundation Server web access. The script could spoof content, disclose information, or take any action that the user could take on the site on behalf of the targeted user.


Impact

  • Cross-Site Scripting
  • Elevation of Privilege
  • Information Disclosure
  • Spoofing

System / Technologies affected

  • Microsoft Visual Studio Team Foundation Server 2010 Service Pack 1

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link