Description
Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/.
Remediation
References
http://www.coresecurity.com/content/jetty-persistent-xss
http://www.securityfocus.com/archive/1/507013/100/0/threaded
http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt