CVE-2013-5042

Name of the Vulnerable Software and Affected Versions Microsoft ASP.NET SignalR versions 1.1.x through 1.1.3 Microsoft ASP.NET SignalR versions 2.0.x through 2.0.0 Visual Studio Team Foundation Server version 2013

Description The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability can be exploited by a remote attacker to inject arbitrary web script or HTML via crafted Forever Frame transport protocol data. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For Microsoft ASP.NET SignalR versions 1.1.x through 1.1.3, update to version 1.1.4 or later. For Microsoft ASP.NET SignalR versions 2.0.x through 2.0.0, update to version 2.0.1 or later. For Visual Studio Team Foundation Server version 2013, consider disabling the Forever Frame transport protocol as a temporary workaround until a patch is available.