CVE-2009-4610

Mort Bay Jetty 6.x-7.0.0 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty 6.x and 7.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to jsp/dump.jsp in the JSP Dump feature, or the (2) Name or (3) Value parameter to the default URI for the Session Dump Servlet under session/.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Antonion Parata · textwebappsjsp
https://www.exploit-db.com/exploits/9887

References (1)

Scores

EPSS 0.0039
EPSS Percentile 59.6%

Classification

CWE
CWE-79
Status published

Affected Products (50)

mortbay/jetty
mortbay/jetty
mortbay/jetty
mortbay/jetty
mortbay/jetty
mortbay/jetty
mortbay/jetty
mortbay/jetty
mortbay/jetty
mortbay/jetty
mortbay/jetty
mortbay/jetty
mortbay/jetty
mortbay/jetty
mortbay/jetty
... and 35 more

Timeline

Published Jan 13, 2010
Tracked Since Feb 18, 2026