Description

Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/.

Remediation

References

http://www.coresecurity.com/content/jetty-persistent-xss

http://www.securityfocus.com/archive/1/507013/100/0/threaded

http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt

Related Vulnerabilities

CVE-2022-25847 Vulnerability in npm package serve-lite

CVE-2021-28165 Vulnerability in maven package org.eclipse.jetty:jetty-io

CVE-2020-28435 Vulnerability in npm package ffmpeg-sdk

CVE-2018-11695 Vulnerability in maven package org.webjars.npm:node-sass

CVE-2020-2229 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

Critical

Classification

CWE-79

Tags

Exploit