125 matches found
CVE-2013-5042
Cross-site scripting XSS vulnerability in Microsoft ASP.NET SignalR 1.1.x before 1.1.4 and 2.0.x before 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote attackers to inject arbitrary web script or HTML via crafted Forever Frame transport protocol data, aka "SignalR XSS...
MS13-103: Vulnerability in ASP.NET SignalR Could Allow Elevation of Privilege (2905244)
The remote host is running a version of ASP.NET SignalR that is affected by a cross-site scripting vulnerability that results in privilege escalation. An attacker who successfully exploited this vulnerability could take any action that the targeted user could take on the site. %NASLMINLEVEL 70300...
Microsoft VS Team Foundation Server SignalR XSS Vulnerability (2905244)
This host is missing an important security update according to Microsoft Bulletin MS13-103. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...
MS13-103: Vulnerability in ASP.NET SignalR could allow elevation of privilege: December 10, 2013
Resolves a vulnerability in ASP.NET SignalR that could allow elevation of privilege if an attacker reflects specially crafted JavaScript back to the browser of a targeted user.INTRODUCTIONMicrosoft has released security bulletin MS13-103. To view the complete security bulletin, visit one of the...
Microsoft ASP.NET SignalR CVE-2013-5042 Cross Site Scripting Vulnerability
Description Microsoft ASP.NET SignalR is prone to a cross-site scripting vulnerability because it fails to properly encode user input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This could allow...