GHSA-8h77-9vh5-hw5g

Source

https://github.com/advisories/GHSA-8h77-9vh5-hw5g

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8h77-9vh5-hw5g/GHSA-8h77-9vh5-hw5g.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-8h77-9vh5-hw5g

Aliases

CVE-2007-5613

Published

2022-05-01T18:35:00Z

Modified

2023-11-08T03:56:48.926359Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

Mortbay Jetty vulnerable to Cross-site scripting

Details

Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies.

Database specific

{
    "nvd_published_at": "2007-12-05T11:46:00Z",
    "github_reviewed_at": "2022-06-07T23:53:04Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Maven / org.mortbay.jetty:jetty

Package

Name: org.mortbay.jetty:jetty; View open source insights on deps.dev
Purl: pkg:maven/org.mortbay.jetty/jetty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.6

Affected versions

4.*

4.1-rc1

4.1-rc6

4.2.2

4.2.3

4.2.9

4.2.10

4.2.12

6.*

6.0.0Beta1

6.0.0beta1

6.0.0beta2

6.0.0beta3

6.0.0beta4

6.0.0beta5

6.0.0beta6

6.0.0beta7

6.0.0beta8

6.0.0beta9

6.0.0beta10

6.0.0beta11

6.0.0beta12

6.0.0beta14

6.0.0beta15

6.0.0beta16

6.0.0beta17

6.0.0rc0

6.0.0rc1

6.0.0rc2

6.0.0rc3

6.0.0rc4

6.0.0

6.0.1

6.0.2

6.1.0rc0

6.1.0rc1

6.1.0rc2

6.1.0rc3

6.1.0

6.1H.4-beta

6.1H.4rc1

6.1H.5-beta

6.1H.6

6.1H.7

6.1H.8

6.1H.10

6.1H.14

6.1H.14.1

6.1H.22

6.1.0pre0

6.1.0pre1

6.1.0pre2

6.1.0pre3

6.1.1rc0

6.1.1rc1

6.1.1

6.1.2rc0

6.1.2rc1

6.1.2rc2

6.1.2rc4

6.1.2rc5

6.1.2

6.1.2pre0

6.1.2pre1

6.1.3

6.1.4rc0

6.1.4rc1

6.1.4

6.1.5rc0

6.1.5

6.1.6rc0

6.1.6rc1