CVE-2009-4612
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
13/01/2010
Last modified:
09/04/2025
Description
Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP Snoop page in Mort Bay Jetty 6.1.x through 6.1.21 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) jspsnoop/, (2) jspsnoop/ERROR/, and (3) jspsnoop/IOException/, and possibly the PATH_INFO to (4) snoop.jsp.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mortbay:jetty:6.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mortbay:jetty:6.1.0:pre0:*:*:*:*:*:* | ||
| cpe:2.3:a:mortbay:jetty:6.1.0:pre1:*:*:*:*:*:* | ||
| cpe:2.3:a:mortbay:jetty:6.1.0:pre2:*:*:*:*:*:* | ||
| cpe:2.3:a:mortbay:jetty:6.1.0:pre3:*:*:*:*:*:* | ||
| cpe:2.3:a:mortbay:jetty:6.1.0:rc0:*:*:*:*:*:* | ||
| cpe:2.3:a:mortbay:jetty:6.1.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:mortbay:jetty:6.1.0:rc2:*:*:*:*:*:* | ||
| cpe:2.3:a:mortbay:jetty:6.1.0:rc3:*:*:*:*:*:* | ||
| cpe:2.3:a:mortbay:jetty:6.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mortbay:jetty:6.1.1:rc0:*:*:*:*:*:* | ||
| cpe:2.3:a:mortbay:jetty:6.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mortbay:jetty:6.1.2:pre0:*:*:*:*:*:* | ||
| cpe:2.3:a:mortbay:jetty:6.1.2:pre1:*:*:*:*:*:* | ||
| cpe:2.3:a:mortbay:jetty:6.1.2:rc0:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page