Today is Patch Tuesday, and the ASP.NET team would like to announce that we have two items included in this month’s release. The first is a bulletin affecting certain versions of SignalR; the second is an advisory affecting ASP.NET Web Forms (.aspx) applications. Each item is briefly outlined below. For more information, consult Security TechCenter for this month’s releases. Cross-site scripting (XSS) vulnerability in ASP.NET SignalR Main article: Bulletin MS13-103 ( KB 2905244 ) Some versions of ASP.NET SignalR contain a bug which could under certain circumstances allow an attacker to run arbitrary JavaScript in the context of a site visitor’s browser. This is an example of a cross-site scripting (XSS) attack . Action items If your web application...(read more)
Go to the complete details ...