Description

Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/.

Remediation

References

http://www.coresecurity.com/content/jetty-persistent-xss

http://www.securityfocus.com/archive/1/507013/100/0/threaded

http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt

Related Vulnerabilities

CVE-2021-43309 Vulnerability in npm package uri-template-lite

CVE-2022-38900 Vulnerability in npm package decode-uri-component

CVE-2019-14862 Vulnerability in maven package li.rudin.mavenjs:knockout

CVE-2018-16491 Vulnerability in maven package org.webjars.npm:node.extend

CVE-2020-28487 Vulnerability in maven package org.webjars.bowergithub.visjs:vis-timeline

Severity

Critical

Classification

CWE-79

Tags

Exploit