Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine allows remote attackers to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters (%0a).
| CVE ID | Name | Status | References |
|---|---|---|---|
| CVE-2002-1533 | Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine allows remote attackers to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters (%0a). |
Proposed (20030317) | BID:5821 | URL:http://www.securityfocus.com/bid/5821 | BUGTRAQ:20020928 Jetty jsp/servlet engine xss / uname disclosure vuln | URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0337.html | XF:jetty-http-xss(10219) | URL:http://www.iss.net/security_center/static/10219.php |
Page created: