Eclipse Jetty XSS Vulnerability - CVE-2019-17632 (Windows)
- CVSSv3 Score
- Vulnerability description
Eclipse Jetty is prone to a cross-site scripting vulnerability.
- Risk description
The generic ErrorHandler in Jetty produces a text/html or text/json response containing the stack trace of the unhandled error it encounters. This stack trace is not properly escaped and can be used as an XSS attack vector by a skilled adversary.
Update Eclipse Jetty to version 9.4.24.v20191120 or later.
- Not available