Vulnerability Description
Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x before 1.1.4 and 2.0.x before 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote attackers to inject arbitrary web script or HTML via crafted Forever Frame transport protocol data, aka "SignalR XSS Vulnerability."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Asp.Net Signalr | 1.1.0 |
| Microsoft | Visual Studio Team Foundation Server | 2013 |
Related Weaknesses (CWE)
References
- http://www.securitytracker.com/id/1029463
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-10
- http://www.securitytracker.com/id/1029463
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-10
FAQ
What is CVE-2013-5042?
CVE-2013-5042 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x before 1.1.4 and 2.0.x before 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote attackers to inject arbitr...
How severe is CVE-2013-5042?
CVE-2013-5042 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-5042?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Asp.Net Signalr, Microsoft Visual Studio Team Foundation Server.