Description
The character encoding (charset) of this page is dirrectly controlled by user input. The charset can be specified in the Content-Type header or in a meta tag declaration. If an attacker can control the response charset, they could manipulate the HTML to perform XSS or other attacks.
Remediation
It's recommended to force UTF-8 in charset declarations. If the user must control the charset, make sure you are using a whitelist of accepted charsets.
References
Related Vulnerabilities
WordPress Plugin Redux Framework Multiple Cross-Site Scripting Vulnerabilities (3.6.0.2)
WordPress Plugin GS Portfolio for Envato Cross-Site Scripting (1.3.8)
WordPress Plugin Article Directory Redux Cross-Site Scripting (1.0.2)
WordPress Plugin WP Consultant Cross-Site Scripting (1.0)
WordPress Plugin Contact Form 7-Clockwork SMS Cross-Site Scripting (2.3.0)