CVE-2013-5042: XSS
First published: Wed Dec 11 2013(Updated: )
Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x before 1.1.4 and 2.0.x before 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote attackers to inject arbitrary web script or HTML via crafted Forever Frame transport protocol data, aka "SignalR XSS Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft ASP.NET SignalR | =1.1.0 | |
| Microsoft ASP.NET SignalR | =1.1.1 | |
| Microsoft ASP.NET SignalR | =1.1.2 | |
| Microsoft ASP.NET SignalR | =1.1.3 | |
| Microsoft ASP.NET SignalR | =2.0.0 | |
| Microsoft Visual Studio Team Foundation Server | =2013 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft asp.net signalr
- version/microsoft asp.net signalr/1.1.0
- version/microsoft asp.net signalr/1.1.1
- version/microsoft asp.net signalr/1.1.2
- version/microsoft asp.net signalr/1.1.3
- version/microsoft asp.net signalr/2.0.0
- canonical/microsoft visual studio team foundation server
- version/microsoft visual studio team foundation server/2013