cbcvebase.
CVE-2013-5042
published 2013-12-11

CVE-2013-5042: Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x before 1.1.4 and 2.0.x before 2.0.1, and Visual Studio Team Foundation Server 2013…

PriorityP424medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
11.69%
95.5th percentile
Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x before 1.1.4 and 2.0.x before 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote attackers to inject arbitrary web script or HTML via crafted Forever Frame transport protocol data, aka "SignalR XSS Vulnerability."

Affected

6 ranges
VendorProductVersion rangeFixed in
microsoftasp.net_signalr
microsoftasp.net_signalr
microsoftasp.net_signalr
microsoftasp.net_signalr
microsoftasp.net_signalr
microsoftvisual_studio_team_foundation_server
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.