CVE-2014-2966

Resin Pro < 4.0.40 - XSS Protection Bypass via ISO-8859-1 Unicode Transformation

Title source: llm
STIX 2.1

Description

The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism.

References (2)

Core 2
Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/162308

Scores

EPSS 0.0167
EPSS Percentile 74.0%

Details

CWE
CWE-20 CWE-264
Status published
Products (4)
caucho/resin 4.0.36
caucho/resin 4.0.37
caucho/resin 4.0.38
caucho/resin < 4.0.39
Published Jul 26, 2014
Tracked Since Feb 18, 2026