Description
Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/.
Remediation
References
http://www.coresecurity.com/content/jetty-persistent-xss
http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
http://www.securityfocus.com/archive/1/507013/100/0/threaded
Related Vulnerabilities
CVE-2021-27516 Vulnerability in npm package urijs
CVE-2022-26260 Vulnerability in npm package simple-plist
CVE-2018-11696 Vulnerability in npm package node-sass
CVE-2019-14862 Vulnerability in maven package org.jszip.redist:knockout
CVE-2020-7642 Vulnerability in maven package org.webjars.bowergithub.afarkas:lazysizes