Description

The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism.

Remediation

References

CVE-2014-2966

Related Vulnerabilities

WordPress Plugin bbPress Social Network Multiple Cross-Site Scripting Vulnerabilities (9.2)

Drupal Core 6.x Session Hijacking (6.0 - 6.33)

PrestaShop Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-20717)

Oracle JRE CVE-2013-2462 Vulnerability (CVE-2013-2462)

Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-5318)

Severity

Medium

Classification

CVE-2014-2966 CWE-264

Tags

Missing Update Known Vulnerabilities