The 2008 paper by Blake Franz of Leviathan Security - link - identifies some of the original problem areas with character sets.
Some tools correctly identify and explain this issue, such as Burp Suite Professional - link
You will see character sets mentioned in the OWASP testing guides on stored XSS:
This design flaw can be exploited in browser MIME mishandling attacks.
For instance, innocuous-looking files like JPG and GIF can contain an
XSS payload that is executed when they are loaded by the browser. This
is possible when the MIME type for an image such as image/gif can
instead be set to text/html. In this case the file will be treated by
the client browser as HTML.
Also consider that Internet Explorer does not handle MIME types in the
same way as Mozilla Firefox or other browsers do. For instance,
Internet Explorer handles TXT files with HTML content as HTML content.
For further information about MIME handling, refer to the whitepapers
section at the bottom of this chapter.
More information can be found on the Wikipedia page under Charset Sniffing - link
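A defensive check for the upload case in the OWASP passage, added here as an example and not taken from the original text, OWASP or Burp: it rejects files whose bytes do not match the declared image type or that carry markup, and builds response headers that pin the MIME type and charset so the browser has nothing to guess. The signature table, hint list, function names and sample files are assumptions constructed for illustration.

```python
# Added example (not from the original page): validate an upload and pin its type.
# Constructed signature table; extend it for the formats the application accepts.
MAGIC = {
    "image/gif": (b"GIF87a", b"GIF89a"),
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
}
# Assumed heuristic list of markup tokens; a hit means the file may be read as HTML.
HTML_HINTS = (b"<html", b"<script", b"<body", b"<iframe", b"<img", b"<svg", b"<!doctype")


def classify_upload(data: bytes, declared_type: str) -> str:
    """Return 'ok', 'type-mismatch' or 'embedded-markup' for an uploaded file."""
    declared = declared_type.split(";")[0].strip().lower()
    signatures = MAGIC.get(declared)
    # Unknown types and files whose leading bytes disagree with the label are refused.
    if signatures is None or not data.startswith(signatures):
        return "type-mismatch"
    # Conservative: scan the whole file, since markup can sit after a valid header.
    lowered = data.lower()
    if any(hint in lowered for hint in HTML_HINTS):
        return "embedded-markup"
    return "ok"


def response_headers(content_type: str) -> dict:
    """Headers that state the MIME type and charset explicitly and disable sniffing."""
    base = content_type.split(";")[0].strip().lower()
    if base.startswith("text/"):
        base += "; charset=utf-8"  # an explicit charset leaves no room for charset sniffing
    return {
        "Content-Type": base,
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


# Constructed sample inputs (not real files).
CLEAN_GIF = b"GIF89a\x01\x00\x01\x00\x00\x00\x00;"
POLYGLOT_GIF = b"GIF89a\x01\x00<script>/* constructed sample */</script>;"
HTML_AS_GIF = b"<html><body>constructed sample</body></html>"

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_GIF), ("polyglot", POLYGLOT_GIF), ("html", HTML_AS_GIF)):
        print(name, classify_upload(blob, "image/gif"), response_headers("image/gif"))
```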