Description

Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/.

Remediation

References

http://www.coresecurity.com/content/jetty-persistent-xss

http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt

http://www.securityfocus.com/archive/1/507013/100/0/threaded

Related Vulnerabilities

CVE-2018-20677 Vulnerability in maven package org.webjars.bower:bootstrap

CVE-2018-14042 Vulnerability in maven package org.webjars.bowergithub.twbs:bootstrap

CVE-2021-21384 Vulnerability in npm package shescape

CVE-2023-33246 Vulnerability in maven package org.apache.rocketmq:rocketmq-broker

CVE-2020-12265 Vulnerability in npm package decompress-tar

Severity

Critical

Classification

CWE-79

Tags

Exploit