Description

The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism.

Remediation

References

CVE-2014-2966

Related Vulnerabilities

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Cross-Site Scripting (2.0.17)

WordPress Plugin Newsletter-Send awesome emails from WordPress Unspecified Vulnerability (4.1.1)

WordPress Multiple Cross-Site Scripting Vulnerabilities (4.1 - 4.2.1)

WordPress Plugin User Registration-Custom Registration Form, Login Form And User Profile Cross-Site Scripting (2.0.1)

Oracle JRE CVE-2012-0547 Vulnerability (CVE-2012-0547)

Severity

Medium

Classification

CVE-2014-2966 CWE-264

Tags

Missing Update Known Vulnerabilities