CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2009-5046
https://notcve.org/view.php?id=CVE-2009-5046
JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. Una vulnerabilidad de tipo XSS de JSP Dump y Session Dump Servlet en jetty versiones anteriores a la versión 6.1.22. • http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt https://security-tracker.debian.org/tracker/CVE-2009-5046 https://www.openwall.com/lists/oss-security/2011/01/14/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2009-5045
https://notcve.org/view.php?id=CVE-2009-5045
Dump Servlet information leak in jetty before 6.1.22. Un volcado de información del servlet en jetty versiones anteriores a la versión 6.1.22. • http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt https://security-tracker.debian.org/tracker/CVE-2009-5045 https://www.openwall.com/lists/oss-security/2011/01/14/2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2009-5049
https://notcve.org/view.php?id=CVE-2009-5049
WebApp JSP Snoop page XSS in jetty though 6.1.21. Una vulnerabilidad de tipo XSS de la página WebSpp JSP Snoop en jetty versiones hasta 6.1.21. • http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt https://security-tracker.debian.org/tracker/CVE-2009-5049 https://www.openwall.com/lists/oss-security/2011/01/14/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2009-5048
https://notcve.org/view.php?id=CVE-2009-5048
Cookie Dump Servlet stored XSS vulnerability in jetty though 6.1.20. Una vulnerabilidad de tipo XSS almacenado en Cookie Dump Servlet en jetty versiones hasta 6.1.20. • http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt https://security-tracker.debian.org/tracker/CVE-2009-5048 https://www.openwall.com/lists/oss-security/2011/01/14/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 139EXPL: 0CVE-2019-10241 – jetty: using specially formatted URL against DefaultServlet or ResourceHandler leads to XSS conditions
https://notcve.org/view.php?id=CVE-2019-10241
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents. Eclipse Jetty versiones 9.2.26 y anteriores, 9.3.25 y anteriores, 9.3.25 y anteriores, y 9.4.15 y anteriores. El servidor es vulnerable a un Cross-Site Scripting (XSS) si un cliente remoto emplea una URL especialmente formada contra el DefaultServlet o ResourceHandler que esté configurado para mostrar un listado del contenido de los directorios. • https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121 https://lists.apache.org/thread.html/01e004c3f7c7365863a27e7038b7f32dae56ccf3a496b277c9b7f7b6%40%3Cjira.kafka.apache.org%3E https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/464892b514c029dfc0c8656a93e1c0de983c473df70fdadbd224e09f%40%3Cjira.kafka.apache.org%3E https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E https://lists.apache& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •