Jetty Cross Site Scripting and Information Disclosure Vulnerabilities

Jetty is prone to a cross-site scripting vulnerability and an information-disclosure vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information. Jetty 6.1.16 and prior versions are affected.
The vendor has released an update. See for more information.