Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft SignalR library crossite scripting
Published:16.12.2013
Source:
SecurityVulns ID:13457
Type:library
Threat Level:
5/10
Description:Forever Frame transport crossite scripting.
Affected:MICROSOFT : ASP.NET SignalR 2.0
CVE:CVE-2013-5042 (Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x before 1.1.4 and 2.0.x before 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote attackers to inject arbitrary web script or HTML via crafted Forever Frame transport protocol data, aka "SignalR XSS Vulnerability.")
Files:Microsoft Security Bulletin MS13-103 - Important Vulnerability in ASP.NET SignalR Could Allow Elevation of Privilege (2905244)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod