Microsoft.AspNet.SignalR is vulnerable to cross-site scripting (XSS) attack. The application does not properly sanitize user-supplied input before displaying it. This can allow a malicious user to inject and execute arbitrary code in the target user’s browser which can lead to access to authentication cookies that can allow a user to elevate their privileges as well. This vulnerability also affects Visual Studio Team Foundation Server 2013.