Description
The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism.
Remediation
References