CVE-2013-5042

2013-12-1100:55:03

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.1

Confidence

High

EPSS

0.68

Percentile

98.0%

JSON

Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x before 1.1.4 and 2.0.x before 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote attackers to inject arbitrary web script or HTML via crafted Forever Frame transport protocol data, aka “SignalR XSS Vulnerability.”

Affected configurations

Nvd

Node

microsoftasp.net_signalrMatch1.1.0

microsoftasp.net_signalrMatch1.1.1

microsoftasp.net_signalrMatch1.1.2

microsoftasp.net_signalrMatch1.1.3

microsoftasp.net_signalrMatch2.0.0

microsoftvisual_studio_team_foundation_serverMatch2013

VendorProductVersionCPE
microsoftasp.net_signalr1.1.0cpe:2.3:a:microsoft:asp.net_signalr:1.1.0:*:*:*:*:*:*:*
microsoftasp.net_signalr1.1.1cpe:2.3:a:microsoft:asp.net_signalr:1.1.1:*:*:*:*:*:*:*
microsoftasp.net_signalr1.1.2cpe:2.3:a:microsoft:asp.net_signalr:1.1.2:*:*:*:*:*:*:*
microsoftasp.net_signalr1.1.3cpe:2.3:a:microsoft:asp.net_signalr:1.1.3:*:*:*:*:*:*:*
microsoftasp.net_signalr2.0.0cpe:2.3:a:microsoft:asp.net_signalr:2.0.0:*:*:*:*:*:*:*
microsoftvisual_studio_team_foundation_server2013cpe:2.3:a:microsoft:visual_studio_team_foundation_server:2013:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	asp.net_signalr	1.1.0	cpe:2.3:a:microsoft:asp.net_signalr:1.1.0:::::::*
microsoft	asp.net_signalr	1.1.1	cpe:2.3:a:microsoft:asp.net_signalr:1.1.1:::::::*
microsoft	asp.net_signalr	1.1.2	cpe:2.3:a:microsoft:asp.net_signalr:1.1.2:::::::*
microsoft	asp.net_signalr	1.1.3	cpe:2.3:a:microsoft:asp.net_signalr:1.1.3:::::::*
microsoft	asp.net_signalr	2.0.0	cpe:2.3:a:microsoft:asp.net_signalr:2.0.0:::::::*
microsoft	visual_studio_team_foundation_server	2013	cpe:2.3:a:microsoft:visual_studio_team_foundation_server:2013:::::::*