This month, we are releasing fixes for security vulnerabilities that impact TFS 2015, TFS 2017, TFS 2018, and Azure DevOps Server 2019.
CVE-2019-1305: cross site scripting (XSS) vulnerability in Repos
CVE-2019-1306: remote code execution vulnerability in Wiki
Here are the versions impacted:
Azure DevOps Server 2019 Update 1 Patch 1