The ISO-8859-1 encoder in Resin Pro prior to 4.0.40 does not properly perform Unicode transformations, which allows remote malicious users to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism.
Vulnerable Product |
---|
caucho resin |
caucho resin 4.0.38 |
caucho resin 4.0.37 |
caucho resin 4.0.36 |