Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP Snoop page in Mort Bay Jetty 6.1.x up to and including 6.1.21 allow remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) jspsnoop/, (2) jspsnoop/ERROR/, and (3) jspsnoop/IOException/, and possibly the PATH_INFO to (4) snoop.jsp.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mortbay jetty 6.1.15 |
||
mortbay jetty 6.1.12 |
||
mortbay jetty 6.1.14 |
||
mortbay jetty 6.1.6 |
||
mortbay jetty 6.1.5 |
||
mortbay jetty 6.1.2 |
||
mortbay jetty 6.1.1 |
||
mortbay jetty 6.1.16 |
||
mortbay jetty 6.1.7 |
||
mortbay jetty 6.1.20 |
||
mortbay jetty 6.1.0 |
||
mortbay jetty 6.1.21 |
||
mortbay jetty 6.1.9 |
||
mortbay jetty 6.1.10 |
||
mortbay jetty 6.1.4 |
||
mortbay jetty 6.1.3 |
||
mortbay jetty 6.1.19 |
||
mortbay jetty 6.1.11 |
||
mortbay jetty 6.1.8 |