Description

Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/.

Remediation

References

http://www.coresecurity.com/content/jetty-persistent-xss

http://www.securityfocus.com/archive/1/507013/100/0/threaded

http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt

Related Vulnerabilities

CVE-2011-0013 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2020-7656 Vulnerability in maven package org.webjars:jquery

CVE-2020-7760 Vulnerability in maven package org.webjars.bowergithub.codemirror:codemirror

CVE-2020-12668 Vulnerability in maven package com.hubspot.jinjava:jinjava

CVE-2020-8135 Vulnerability in npm package @uppy/companion

Severity

Critical

Classification

CWE-79

Tags

Exploit