CVE-2019-10241 - AskarLabs CVE Database

CVE-2019-10241

Vendor The Eclipse Foundation

Product Eclipse Jetty

Weakness CWE-79 · XSS

Published April 22, 2019

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.

Key dates

02Disclosure timeline

April 22, 2019 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-10241 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-12804 Booking Calendar <= 10.14.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingcalendar Shortcode CVE-2022-4615 Cross-site Scripting (XSS) - Reflected in openemr/openemr CVE-2024-1841 WPBakery Visual Composer <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title tag attribute CVE-2025-7840 Campcodes Online Movie Theater Seat Reservation System Reserve Your Seat Page index.php cross site scripting CVE-2020-2017 PAN-OS: DOM-Based cross site scripting vulnerability in management web interface

Identifiers

CVE CVE-2019-10241

CWE CWE-79

Affected versions

Vendor The Eclipse Foundation

Product Eclipse Jetty

Affected ≥ unspecified and ≤ 9.2.26

Vendor The Eclipse Foundation

Product Eclipse Jetty

Affected ≥ unspecified and ≤ 9.3.25

Vendor The Eclipse Foundation

Product Eclipse Jetty

Affected ≥ unspecified and ≤ 9.4.15