Unrated severityNVD Advisory· Published Dec 11, 2013· Updated Apr 29, 2026

CVE-2013-5042

Description

Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x before 1.1.4 and 2.0.x before 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote attackers to inject arbitrary web script or HTML via crafted Forever Frame transport protocol data, aka "SignalR XSS Vulnerability."

Affected products

Microsoft/Asp.net Signalr5 versions
cpe:2.3:a:microsoft:asp.net_signalr:1.1.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:microsoft:asp.net_signalr:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:asp.net_signalr:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:asp.net_signalr:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:asp.net_signalr:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:asp.net_signalr:2.0.0:*:*:*:*:*:*:*
Microsoft/Visual Studio Team Foundation Server
cpe:2.3:a:microsoft:visual_studio_team_foundation_server:2013:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.008
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000