GHSA-5mq8-h82p-wjf2, CVE-2002-1533
maven/org.mortbay.jetty/jetty
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine allows remote attackers to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters (%0a).
All versions before 4.1.1
Upgrade to version 4.1.1 or above.
2024-02-13
source |