Jetty version 6.1.6 suffers from a cross site scripting vulnerability.
5a16f6df9887b8370e3580d8d5ebef0042e20e2a03a0475e679f35aa0a28c482
Title: Jetty 6.1.6 Cross-Site Scripting
Date: 8/14/2018
Author: 1N3@CrowdShield - https://crowdshield
Software Link: http://www.mortbay.org/jetty/
Tested on: Jetty 6.1.6 (other versions may also be vulnerable)
CVE: N/A
Background: Jetty 6.1.6 is vulnerable to Cross-Site Scripting (XSS)
which allows an attacker to inject malicious code into the affected
site.
An attacker can trigger the exploit by appending the following payload
to an affected web server which has an open directory listing enabled
(https://victim.com//..;/">").