3 matches found
Jetty CookieDump.java Sample Application Persistent XSS
The installed version of Mort Bay Jetty includes a sample web application, 'CookieDump.java', that allows for setting arbitrary cookies through user input to the 'Name' and 'Value' GET parameters to '/cookie' and in turn uses those without sanitizing them to generate dynamic HTML output. An...
CVE-2009-3579
Cross-site scripting XSS vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/...
CVE-2009-3579
CVE-2009-3579 affects Mort Bay Jetty (CookieDump.java sample app) with Jetty 6.1.19/6.1.20. The CookieDump.java code accepts user input for the Name/Value GET parameters to /cookie and uses it to generate dynamic HTML output without sanitization, enabling a remote attacker to inject arbitrary HTM...