CVE-2013-5042

Currently unrated

Key Information:

Vendor: Microsoft
Status: Asp.net Signalr; Visual Studio Team Foundation Server
Vendor: CVE Published:; 11 December 2013

Summary

Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x before 1.1.4 and 2.0.x before 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote attackers to inject arbitrary web script or HTML via crafted Forever Frame transport protocol data, aka "SignalR XSS Vulnerability."

References

http://www.securitytracker.com/id/1029463

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

79% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 11, 2013
Vulnerability Reserved
Aug 6, 2013

Collectors

NVD DatabaseMitre Database