5 matches found
Jetty CookieDump.java Sample Application Persistent XSS
The installed version of Mort Bay Jetty includes a sample web application, 'CookieDump.java', that allows for setting arbitrary cookies through user input to the 'Name' and 'Value' GET parameters to '/cookie' and in turn uses those without sanitizing them to generate dynamic HTML output. An...
CVE-2009-3579
Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/...
CVE-2009-3579
CVE-2009-3579 affects Mort Bay Jetty (CookieDump.java sample app) with Jetty 6.1.19/6.1.20. The CookieDump.java code accepts user input for the Name/Value GET parameters to /cookie and uses it to generate dynamic HTML output without sanitization, enabling a remote attacker to inject arbitrary HTM...
CORE-2009-0922: Jetty Persistent XSS in Sample Cookies Application
Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Jetty Persistent XSS in Sample Cookies Application 1. Advisory Information Title: Jetty Persistent XSS in Sample Cookies Application Advisory Id: CORE-2009-0922...