This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2013-12-10
Product Asp.Net Signalr Last view 2013-12-10
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:microsoft:asp.net_signalr:1.1.3:*:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:asp.net_signalr:1.1.0:*:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:asp.net_signalr:2.0.0:*:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:asp.net_signalr:1.1.2:*:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:asp.net_signalr:1.1.1:*:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
4.3 2013-12-10 CVE-2013-5042

Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x before 1.1.4 and 2.0.x before 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote attackers to inject arbitrary web script or HTML via crafted Forever Frame transport protocol data, aka "SignalR XSS Vulnerability."

CWE : Common Weakness Enumeration

%idName
100% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:20798 SignalR XSS Vulnerability (CVE-2013-5042) - MS13-103

Information Assurance Vulnerability Management (IAVM)

id Description
2013-A-0224 Microsoft ASP.NET SignalR Privilege Escalation Vulnerability
Severity: Category II - VMSKEY: V0042590

Nessus® Vulnerability Scanner

id Description
2013-12-11 Name: The remote host has an application that is affected by a cross-site scripting...
File: smb_nt_ms13-103.nasl - Type: ACT_GATHER_INFO