CVE-2013-5042

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

C

ross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x before 1.1.4 and 2.0.x before 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote attackers to inject arbitrary web script or HTML via crafted Forever Frame transport protocol data, aka "SignalR XSS Vulnerability."

References

Link	Resource
http://www.securitytracker.com/id/1029463
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-103
http://www.securitytracker.com/id/1029463
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-103

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:asp.net_signalr:1.1.0:::::::*
	cpe:2.3:a:microsoft:asp.net_signalr:1.1.1:::::::*
	cpe:2.3:a:microsoft:asp.net_signalr:1.1.2:::::::*
	cpe:2.3:a:microsoft:asp.net_signalr:1.1.3:::::::*
	cpe:2.3:a:microsoft:asp.net_signalr:2.0.0:::::::*
	cpe:2.3:a:microsoft:visual_studio_team_foundation_server:2013:::::::*

History

21 Nov 2024, 01:56

Type	Values Removed	Values Added
References	~~() http://www.securitytracker.com/id/1029463 -~~	() http://www.securitytracker.com/id/1029463 -
References	~~() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-103 -~~	() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-103 -

Information

Published : 2013-12-11 00:55

Updated : 2025-04-11 00:51

NVD link : CVE-2013-5042

Mitre link : CVE-2013-5042

CVE.ORG link : CVE-2013-5042

JSON object : View

Products Affected

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2013-5042", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-12-11T00:55:03.803", "references": [{"url": "http://www.securitytracker.com/id/1029463", "source": "[email protected]"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-103", "source": "[email protected]"}, {"url": "http://www.securitytracker.com/id/1029463", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-103", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x before 1.1.4 and 2.0.x before 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote attackers to inject arbitrary web script or HTML via crafted Forever Frame transport protocol data, aka \"SignalR XSS Vulnerability.\""}, {"lang": "es", "value": "Vulnerabilidad de XSS en Microsoft ASP.NET SignalR 1.1.x anterior a la versi\u00f3n 1.1.4 y 2.0.x anterior a 2.0.1, y Visual Studio Team Foundation Server 2013, permite a atacantes remotos inyectar script web arbitrario o HTML a trav\u00e9s del protocolo de transporte de datos Forever Frame manipulado, tambi\u00e9n conocido como \"Vulnerabilidad de XSS en SingnalR\"."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:asp.net_signalr:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FC5AF51-C48C-4156-A3D4-82B396C6C53A"}, {"criteria": "cpe:2.3:a:microsoft:asp.net_signalr:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B0EF360-473C-441E-B3CF-C37C6C44348A"}, {"criteria": "cpe:2.3:a:microsoft:asp.net_signalr:1.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBBE4448-A877-4077-A64F-5C30CFF25F9F"}, {"criteria": "cpe:2.3:a:microsoft:asp.net_signalr:1.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7144BB3A-5FEB-4C68-951F-DBA9B5FECA6C"}, {"criteria": "cpe:2.3:a:microsoft:asp.net_signalr:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FF13F2D-209C-4C9D-BBD5-A5FA27C6B6CF"}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_team_foundation_server:2013:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAC75929-19E1-4E44-A5C3-80C237C3013D"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}