CVE-2009-5046 — Cross-site Scripting in Jetty

Severity

6.1MEDIUMNVD

EPSS

1.0%

top 22.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedNov 6

Latest updateApr 21

Description

JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

▶NVDeclipse/jetty< 6.1.22

Also affects: Debian Linux 8.0

GHSA

GHSA-x7cv-v7gm-9r2x: JSP Dump and Session Dump Servlet XSS in jetty before 6↗2022-04-21

▶

CVEList

CVE-2009-5046: JSP Dump and Session Dump Servlet XSS in jetty before 6↗2019-11-06

▶