CVE-2019-15477

MEDIUM

Jooby < 1.6.4 - Cross-Site Scripting via Default Error Handler

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-15477. PoCs published by epicosy.

AI-analyzed exploit summary This repository appears to be the main Jooby project source code, not an exploit PoC. It contains build scripts, documentation, and project metadata but no exploit code or vulnerability analysis related to CVE-2019-15477.

Description

Jooby before 1.6.4 has XSS via the default error handler.

Exploits (1)

nomisec STUB
by epicosy · poc
https://github.com/epicosy/jooby

This repository appears to be the main Jooby project source code, not an exploit PoC. It contains build scripts, documentation, and project metadata but no exploit code or vulnerability analysis related to CVE-2019-15477.

Classification
Stub 95%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Jooby (version not specified)
No auth needed
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/jooby-project/jooby/pull/1368

Scores

CVSS v3 6.1
EPSS 0.0032
EPSS Percentile 55.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
jooby/jooby < 1.6.4
org.jooby/jooby 0 - 1.6.4Maven
Published Aug 23, 2019
Tracked Since Feb 18, 2026