Title: Jetty 6.1.6 Cross-Site Scripting Date: 8/14/2018 Author: 1N3@CrowdShield - https://crowdshield.com Software Link: http://www.mortbay.org/jetty/ Tested on: Jetty 6.1.6 (other versions may also be vulnerable) CVE: N/A
Background: Jetty 6.1.6 is vulnerable to Cross-Site Scripting (XSS) which allows an attacker to inject malicious code into the affected site. An attacker can trigger the exploit by appending the following payload to an affected web server which has an open directory listing enabled (https://victim.com//..;/";>"). _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
