Description

Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/.

Remediation

References

http://www.coresecurity.com/content/jetty-persistent-xss

http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt

http://www.securityfocus.com/archive/1/507013/100/0/threaded

Related Vulnerabilities

CVE-2018-5653 Vulnerability in maven package org.apache.cayenne.modeler:cayenne-modeler

CVE-2022-1243 Vulnerability in maven package org.webjars.bower:urijs

CVE-2021-26541 Vulnerability in npm package gitlog

CVE-2022-25936 Vulnerability in npm package servst

CVE-2017-16169 Vulnerability in npm package looppake

Severity

Critical

Classification

CWE-79

Tags

Exploit