Description

Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/.

Remediation

References

http://www.coresecurity.com/content/jetty-persistent-xss

http://www.securityfocus.com/archive/1/507013/100/0/threaded

http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt

Related Vulnerabilities

CVE-2020-17519 Vulnerability in maven package org.apache.flink:flink-runtime_2.12

CVE-2022-34114 Vulnerability in maven package io.dataease:dataease-plugin-common

CVE-2021-3645 Vulnerability in npm package @viking04/merge

CVE-2017-17068 Vulnerability in maven package org.webjars.npm:auth0-js

CVE-2018-14042 Vulnerability in maven package org.webjars:bootstrap-sass

Severity

Critical

Classification

CWE-79

Tags

Exploit