CVE-2013-5042

2013-12-1100:55:03

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-5042

cross-site scripting

xss vulnerability

microsoft asp.net signalr

remote attackers

forever frame

visual studio team foundation server 2013

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.1 Medium

AI Score

Confidence

High

0.573 Medium

EPSS

Percentile

97.7%

JSON

Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x before 1.1.4 and 2.0.x before 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote attackers to inject arbitrary web script or HTML via crafted Forever Frame transport protocol data, aka “SignalR XSS Vulnerability.”

Affected configurations

NVD

Node

microsoftasp.net_signalrMatch1.1.0

microsoftasp.net_signalrMatch1.1.1

microsoftasp.net_signalrMatch1.1.2

microsoftasp.net_signalrMatch1.1.3

microsoftasp.net_signalrMatch2.0.0

microsoftvisual_studio_team_foundation_serverMatch2013

CPENameOperatorVersion
microsoft:asp.net_signalrmicrosoft asp.net signalreq1.1.0
microsoft:asp.net_signalrmicrosoft asp.net signalreq1.1.1
microsoft:asp.net_signalrmicrosoft asp.net signalreq1.1.2
microsoft:asp.net_signalrmicrosoft asp.net signalreq1.1.3
microsoft:asp.net_signalrmicrosoft asp.net signalreq2.0.0
microsoft:visual_studio_team_foundation_servermicrosoft visual studio team foundation servereq2013

CPE	Name	Operator	Version
microsoft:asp.net_signalr	microsoft asp.net signalr	eq	1.1.0
microsoft:asp.net_signalr	microsoft asp.net signalr	eq	1.1.1
microsoft:asp.net_signalr	microsoft asp.net signalr	eq	1.1.2
microsoft:asp.net_signalr	microsoft asp.net signalr	eq	1.1.3
microsoft:asp.net_signalr	microsoft asp.net signalr	eq	2.0.0
microsoft:visual_studio_team_foundation_server	microsoft visual studio team foundation server	eq	2013