For everybody who is on TFS 2017 or 2018.
“Today, we are releasing updates for a cross site scripting (XSS) vulnerability and an issue where in some instances task groups may incorrectly show variables that are marked as secret. Team Foundation Server 2017 and 2018 are impacted. We have released patches for TFS 2017 Update 3.1 and TFS 2018 Update 1.2. We have also released TFS 2018 Update 3.2, which is a full install that includes these fixes.”
If you need help or looking for advice, please contact me.