Full Disclosure mailing list archives
Re: Jetty 6.1.6 Cross-Site Scripting (XSS)
From: Simon Waters <simon.waters () surevine com>
Date: Thu, 23 Aug 2018 10:00:26 +0100
On Tue, 21 Aug 2018 at 18:15, 1n3--- via Fulldisclosure < fulldisclosure () seclists org> wrote:
Title: Jetty 6.1.6 Cross-Site Scripting Date: 8/14/2018 Author: 1N3@CrowdShield - https://crowdshield.com Software Link: http://www.mortbay.org/jetty/ Tested on: Jetty 6.1.6 (other versions may also be vulnerable) CVE: N/A Background: Jetty 6.1.6 is vulnerable to Cross-Site Scripting (XSS) which allows an attacker to inject malicious code into the affected site. An attacker can trigger the exploit by appending the following payload to an affected web server which has an open directory listing enabled (https://victim.com//..;/">").
Is this CVE-2009-1524? If so fixed in 6.1.17, April 2009. _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Jetty 6.1.6 Cross-Site Scripting (XSS) 1n3--- via Fulldisclosure (Aug 21)
- Re: Jetty 6.1.6 Cross-Site Scripting (XSS) Simon Waters (Aug 24)
- Re: Jetty 6.1.6 Cross-Site Scripting (XSS) 1n3--- via Fulldisclosure (Aug 24)
- Re: Jetty 6.1.6 Cross-Site Scripting (XSS) Simon Waters (Aug 24)
- Re: Jetty 6.1.6 Cross-Site Scripting (XSS) 1n3--- via Fulldisclosure (Aug 24)
- Re: Jetty 6.1.6 Cross-Site Scripting (XSS) 1n3--- via Fulldisclosure (Aug 24)
- Re: Jetty 6.1.6 Cross-Site Scripting (XSS) Simon Waters (Aug 24)