Jetty 6.1.6 Cross Site Scripting Vulnerability

2018-08-24
ID: 98968
CVE: None
Download vulnerable application: None
Title: Jetty 6.1.6 Cross-Site Scripting
Author: [email protected] - https://crowdshield
Software Link: http://www.mortbay.org/jetty/
Tested on: Jetty 6.1.6 (other versions may also be vulnerable)
CVE: N/A
 Background: Jetty 6.1.6 is vulnerable to Cross-Site Scripting (XSS)
which allows an attacker to inject malicious code into the affected
site. 
 An attacker can trigger the exploit by appending the following payload
to an affected web server which has an open directory listing enabled
(https://victim.com//..;/">").
1-4-2 (www01)