Cross-site Scripting Flaw in Jetty JSP Servlet Engine
CVE-2002-1533

Currently unrated

Key Information:

Vendor: Jetty
Status: Jetty
Vendor: CVE Published:; 31 March 2003

What is CVE-2002-1533?

The Jetty JSP servlet engine is susceptible to a cross-site scripting (XSS) vulnerability, which enables remote attackers to inject arbitrary HTML or scripts. This can be exploited via crafted HTTP requests to JSP files that contain malicious scripts combined with encoded linefeed characters (%0a). Attackers can manipulate the execution of script within the user's browser, potentially leading to data theft, session hijacking, or the distribution of malware.

References

http://archives.neohapsis.com/archives/bugtraq/2002-09/03...

mailing-listx_refsource_BUGTRAQ

http://www.iss.net/security_center/static/10219.php

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/5821

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Mar 31, 2003
Vulnerability Reserved
Feb 23, 2003