Title: Jetty 6.1.6 Cross-Site Scripting
Date: 8/14/2018
Author: 1N3@CrowdShield - https://crowdshield
Software Link: http://www.mortbay.org/jetty/
Tested on: Jetty 6.1.6 (other Title: Jetty 6.1.6 Cross-Site Scripting
Date: 8/14/2018
Author: 1N3@CrowdShield - https://crowdshield
Software Link: http://www.mortbay.org/jetty/
Tested on: Jetty 6.1.6 (other versions may also be vulnerable)
CVE: N/A

Background: Jetty 6.1.6 is vulnerable to Cross-Site Scripting (XSS)
which allows an attacker to inject malicious code into the affected
site.

An attacker can trigger the exploit by appending the following payload
to an affected web server which has an open directory listing enabled
(https://victim.com//..;/">").