About a year ago Kevin Bowling submitted a patch wrt the subject, but it doesn't seem to have been committed (at least, it doesn't seem to be in the code for 2.7a).
Basically the problem is this: pci/dss scans send an XSS test that gets redirected by pound. Users see the redirected page. The pci/dss scan sees an unsanitized 30x status page from pound that includes the potential XSS vulnerability. The vulnerability is not real, afaict, but the aggravation of establishing pci/dss certification is.

Is the patch available for testing? Or is there another way of dealing with this issue?

Paul
--
Paul Reeves
http://www.ibphoenix.com
Supporting users of Firebird
