Jetty version 6.1.6 suffers from a cross site scripting vulnerability.
5a16f6df9887b8370e3580d8d5ebef0042e20e2a03a0475e679f35aa0a28c482Title: Jetty 6.1.6 Cross-Site Scripting
Date: 8/14/2018
Author: 1N3@CrowdShield - https://crowdshield
Software Link: http://www.mortbay.org/jetty/
Tested on: Jetty 6.1.6 (other versions may also be vulnerable)
CVE: N/A
Background: Jetty 6.1.6 is vulnerable to Cross-Site Scripting (XSS)
which allows an attacker to inject malicious code into the affected
site.
An attacker can trigger the exploit by appending the following payload
to an affected web server which has an open directory listing enabled
(https://victim.com//..;/">").
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed