Vulnerability Details CVE-2009-3579
Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.4%
CVSS Severity
CVSS v2 Score 4.3
References
- http://www.coresecurity.com/content/jetty-persistent-xss
- http://www.securityfocus.com/archive/1/507013/100/0/threaded
- http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
- http://www.coresecurity.com/content/jetty-persistent-xss
- http://www.securityfocus.com/archive/1/507013/100/0/threaded
- http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt