CVE-2013-5042

Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x before 1.1.4 and 2.0.x before 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote attackers to inject arbitrary web script or HTML via crafted Forever Frame transport protocol data, aka "SignalR XSS Vulnerability."

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securitytracker.com/id/1029463
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-103

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:asp.net_signalr:1.1.0:::::::*
	cpe:2.3:a:microsoft:asp.net_signalr:1.1.1:::::::*
	cpe:2.3:a:microsoft:asp.net_signalr:1.1.2:::::::*
	cpe:2.3:a:microsoft:asp.net_signalr:1.1.3:::::::*
	cpe:2.3:a:microsoft:asp.net_signalr:2.0.0:::::::*
	cpe:2.3:a:microsoft:visual_studio_team_foundation_server:2013:::::::*

History

No history.

Information

Published : 2013-12-11 00:55

Updated : 2024-02-04 18:16

NVD link : CVE-2013-5042

Mitre link : CVE-2013-5042

CVE.ORG link : CVE-2013-5042

JSON object : View

Products Affected

microsoft

asp.net_signalr
visual_studio_team_foundation_server

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2013-5042", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-12-11T00:55:03.803", "references": [{"url": "http://www.securitytracker.com/id/1029463", "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-103", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x before 1.1.4 and 2.0.x before 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote attackers to inject arbitrary web script or HTML via crafted Forever Frame transport protocol data, aka \"SignalR XSS Vulnerability.\""}, {"lang": "es", "value": "Vulnerabilidad de XSS en Microsoft ASP.NET SignalR 1.1.x anterior a la versi\u00f3n 1.1.4 y 2.0.x anterior a 2.0.1, y Visual Studio Team Foundation Server 2013, permite a atacantes remotos inyectar script web arbitrario o HTML a trav\u00e9s del protocolo de transporte de datos Forever Frame manipulado, tambi\u00e9n conocido como \"Vulnerabilidad de XSS en SingnalR\"."}], "lastModified": "2018-10-12T22:05:21.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:asp.net_signalr:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FC5AF51-C48C-4156-A3D4-82B396C6C53A"}, {"criteria": "cpe:2.3:a:microsoft:asp.net_signalr:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B0EF360-473C-441E-B3CF-C37C6C44348A"}, {"criteria": "cpe:2.3:a:microsoft:asp.net_signalr:1.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBBE4448-A877-4077-A64F-5C30CFF25F9F"}, {"criteria": "cpe:2.3:a:microsoft:asp.net_signalr:1.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7144BB3A-5FEB-4C68-951F-DBA9B5FECA6C"}, {"criteria": "cpe:2.3:a:microsoft:asp.net_signalr:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FF13F2D-209C-4C9D-BBD5-A5FA27C6B6CF"}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_team_foundation_server:2013:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAC75929-19E1-4E44-A5C3-80C237C3013D"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}