Description

Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/.

Remediation

References

http://www.coresecurity.com/content/jetty-persistent-xss

http://www.securityfocus.com/archive/1/507013/100/0/threaded

http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt

Related Vulnerabilities

CVE-2022-31129 Vulnerability in maven package org.webjars.bowergithub.moment:moment

CVE-2012-5784 Vulnerability in maven package axis:axis

CVE-2017-16144 Vulnerability in npm package myserver.alexcthomas18

CVE-2017-16210 Vulnerability in npm package jn_jj_server

CVE-2020-28469 Vulnerability in maven package org.webjars.npm:glob-parent

Severity

Critical

Classification

CWE-79

Tags

Exploit