Description
Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty 6.x and 7.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to jsp/dump.jsp in the JSP Dump feature, or the (2) Name or (3) Value parameter to the default URI for the Session Dump Servlet under session/.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Antonion Parata · textwebappsjsp
https://www.exploit-db.com/exploits/9887
References (1)
Core 1
Core References
Exploit x_refsource_misc
http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
Scores
EPSS
0.0039
EPSS Percentile
60.0%
Details
CWE
CWE-79
Status
published
Products (6)
mortbay/jetty
6.0.0 (28 CPE variants)
mortbay/jetty
6.0.1
mortbay/jetty
6.0.2
mortbay/jetty
6.1.0 (9 CPE variants)
mortbay/jetty
6.1.1 (2 CPE variants)
mortbay/jetty
6.1.2 (9 CPE variants)
Published
Jan 13, 2010
Tracked Since
Feb 18, 2026