Cross site scripting

2010-01-1320:30:00

PRIOn knowledge base

www.prio-n.com

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

42.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP Snoop page in Mort Bay Jetty 6.1.x through 6.1.21 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) jspsnoop/, (2) jspsnoop/ERROR/, and (3) jspsnoop/IOException/, and possibly the PATH_INFO to (4) snoop.jsp.

CPENameOperatorVersion
jettyeq6.1.5
jettyeq6.1.0
jettyeq6.1.12 rc3
jettyeq6.1.0 pre3
jettyeq6.1.0 rc1
jettyeq6.1.15 pre0
jettyeq6.1.14
jettyeq6.1.11
jettyeq6.1.0 rc0
jettyeq6.1.4 rc1

Name	Operator	Version
jetty	eq	6.1.5
jetty	eq	6.1.0
jetty	eq	6.1.12 rc3
jetty	eq	6.1.0 pre3
jetty	eq	6.1.0 rc1
jetty	eq	6.1.15 pre0
jetty	eq	6.1.14
jetty	eq	6.1.11
jetty	eq	6.1.0 rc0
jetty	eq	6.1.4 rc1