On Tue, 21 Aug 2018 at 18:15, 1n3--- via Fulldisclosure <fulldisclosure@seclists.org> wrote:

> Title: Jetty 6.1.6 Cross-Site Scripting
> Date: 8/14/2018
> Author: 1N3@CrowdShield - https://crowdshield.com
> Software Link: http://www.mortbay.org/jetty/
> Tested on: Jetty 6.1.6 (other versions may also be vulnerable)
> CVE: N/A
>
> Background: Jetty 6.1.6 is vulnerable to Cross-Site Scripting (XSS)
> which allows an attacker to inject malicious code into the affected
> site.
>
> An attacker can trigger the exploit by appending the following
> payload to an affected web server which has an open directory listing
> enabled (https://victim.com//..;/">").
>
>

Is this CVE-2009-1524? If so fixed in 6.1.17, April 2009.

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/