WebApp JSP Snoop page XSS in jetty though 6.1.21.
CVSS Score
6.1
EPSS Score
0.011
Published
2019-11-06
Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
CVSS Score
5.3
EPSS Score
0.045
Published
2011-12-30
Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP Snoop page in Mort Bay Jetty 6.1.x through 6.1.21 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) jspsnoop/, (2) jspsnoop/ERROR/, and (3) jspsnoop/IOException/, and possibly the PATH_INFO to (4) snoop.jsp.
CVSS Score
4.3
EPSS Score
0.003
Published
2010-01-13