19 matches found
SUSE CVE-2007-5613
Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies...
GHSA-6JXP-7G74-2RC3 Improper input validation in Mort Bay Jetty
Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal...
GHSA-8H77-9VH5-HW5G Mortbay Jetty vulnerable to Cross-site scripting
Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies...
CVE-2009-5047
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-4611. Reason: This candidate is a duplicate of CVE-2009-4611. Notes: All CVE users should reference CVE-2009-4611 rather than this candidate. All references and descriptions in this candidate have been removed to prevent...
PT-2019-6517 · Eclipse · Jetty
Name of the Vulnerable Software and Affected Versions: Jetty versions 6.x through 6.1.21. Description: The issue concerns an escape sequence injection vulnerability that can be exploited through two vectors: the "Cookie Dump Servlet" and the HTTP Content-Length header. Specifically, a POST request...
Eclipse Jetty Cross-Site Scripting Vulnerability (CNVD-2019-42375)
Eclipse Jetty is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. A cross-site scripting vulnerability exists in the Cookie Dump Servlet in Eclipse Jetty versions prior to 6.1.22. The vulnerability stems from a lack of proper validation of client-side...
Eclipse Jetty Cross-Site Scripting Vulnerability (CNVD-2019-42378)
Eclipse Jetty is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. A cross-site scripting vulnerability exists in the JSP Dump and Session Dump Servlets in Eclipse Jetty versions prior to 6.1.22. The vulnerability stems from a lack of proper validation ...
Eclipse Jetty Information Disclosure Vulnerability
Eclipse Jetty is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. An information disclosure vulnerability exists in Dump Servlet in Eclipse Jetty versions prior to 6.1.22. The vulnerability stems from errors such as configuration during operation of a...
CVE-2009-5045
Dump Servlet information leak in jetty before 6.1.22...
Design/Logic Flaw
JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22...
CVE-2009-5048
Cookie Dump Servlet stored XSS vulnerability in jetty through 6.1.20...
Cross site scripting
Cookie Dump Servlet stored XSS vulnerability in jetty through 6.1.20...
CVE-2009-5048
Cookie Dump Servlet stored XSS vulnerability in jetty through 6.1.20...
Cross-Site Scripting (XSS)
Mortbay Jetty test web-app is vulnerable to cross-site scripting. The Dump Servlet does not output-sanitise before displaying on a user's browser. This allows a remote attacker to inject arbitrary Javascript into a victim's browser to steal session tokens or perform unwanted actions on behalf of...
jetty 6.x - 7.x xss, information disclosure, injection
No description provided by source. Jetty 6.x and 7.x Multiple Vulnerabilities. Name: Multiple Vulnerabilities in Jetty. Systems Affected: Jetty 7.0.0 and earlier versions. Severity: Medium. Impact: CVSSv2 Medium 5/10, vector: AV:N/AC:L/Au:N/C:P/I:N/A:N. Vendor: http://www.mortbay.org/jetty/ Advisory...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty 6.x and 7.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to jsp/dump.jsp in the JSP Dump feature, or the (2) Name or (3) Value parameter to the default URI for the Session Dump Servlet under...
CVE-2009-4610
Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty 6.x and 7.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to jsp/dump.jsp in the JSP Dump feature, or the (2) Name or (3) Value parameter to the default URI for the Session Dump Servlet under...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies...
Mort Bay Jetty Dump Servlet (webapps/test/jsp/dump.jsp) XSS
The remote instance of Mort Bay Jetty includes a test servlet, 'webapps/test/jsp/dump.jsp', that fails to sanitize user-supplied input before using it to generate dynamic content. An unauthenticated, remote attacker may be able to leverage this issue to inject arbitrary HTML or script code into a...