Are you using the stage for upstream 2.7b branch? Or running this patch? https://github.com/goochjj/pound/commit/8b29ed0e1a6760de395b64274c5de95ad05143fe.diff
Joe From: [email protected] [mailto:[email protected]] Sent: Monday, August 05, 2013 10:37 AM To: Pound Subject: [Pound Mailing List] port 80 redirect and XSS Hi, we are using pound on a centos 6 base and it works fine. A few days ago we had a security scan and now there is a problem with xss (cross site scripting). When the client connects on port 80 an ask about a link with bad code in it (GET /"><script>alert(document.domain)</script>.html HTTP/1.1), the pound-system replies with a 300-Code and the full request. Is it possible to filter or do a url-encoding/html-encoding before the 300-Reply gets back to the browser ? Or what else can we do to resolve this issue. Any suggestions are welcome kind regards fatcharly -- To unsubscribe send an email with subject unsubscribe to [email protected]<mailto:[email protected]>. Please contact [email protected]<mailto:[email protected]> for questions.
