Jetty 6.1.6 Cross Site Scripting

Jetty version 6.1.6 suffers from a cross site scripting vulnerability.


MD5 | b8448b99415e5f600db3cf74c918bfe2

Title: Jetty 6.1.6 Cross-Site Scripting
Date: 8/14/2018
Author: 1N3@CrowdShield - https://crowdshield
Software Link: http://www.mortbay.org/jetty/
Tested on: Jetty 6.1.6 (other versions may also be vulnerable)
CVE: N/A

Background: Jetty 6.1.6 is vulnerable to Cross-Site Scripting (XSS)
which allows an attacker to inject malicious code into the affected
site.

An attacker can trigger the exploit by appending the following payload
to an affected web server which has an open directory listing enabled
(https://victim.com//..;/">").

Related Posts