CVE-2002-1533 – org.mortbay.jetty:jetty

Package

Manager: maven
Name: org.mortbay.jetty:jetty
Vulnerable Version: >=0 <4.1.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.02914 pctl0.85854

Details

Jetty Javascript Inclusion Vulnerability Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine allows remote attackers to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters (`%0a`).

Metadata

Created: 2022-04-30T18:21:21Z
Modified: 2024-02-12T20:43:18Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-5mq8-h82p-wjf2/GHSA-5mq8-h82p-wjf2.json
CWE IDs: ["CWE-80"]
Alternative ID: GHSA-5mq8-h82p-wjf2
Finding: F063
Auto approve: 1