johnpapa / generator-hottowel

Yo generator that creates an Angular app via HotTowel

Mitigate against reflected XSS attacks #174

Closed ssbrewster closed 7 years ago

ssbrewster commented 8 years ago

Mitigate against reflected XSS attacks in production by returning the custom 404 response object instead of Express's default 404 response.

A reflected XSS vulnerability was discovered using the Burp pen test tool and successfully tested by passing an arbitrary URL parameter: GET /images/?41b68(a)184a9=1

This input was echoed unmodified in the application's response, meaning that it is possible to inject JavaScript commands into the returned document.

This fixes #132.
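The mitigation described in this PR, as an added example that is not code from generator-hottowel: a custom 404 handler for Express that sends a fixed response object and never copies the requested path or query string into the body, so a crafted URL cannot be reflected back to the client. It assumes the Express 4 request/response API (`req.method`, `req.originalUrl`, `res.status`, `res.set`, `res.json`); the `makeFakeRes` helper is a stand-in for a real response so the handler can be exercised without starting a server. An `escapeHtml` helper is included for the case where an HTML 404 page must show the path.

```javascript
// Added example, not code from generator-hottowel: an Express-style 404 handler
// that returns a fixed response object instead of reflecting the request URL.

// Constant body: nothing from the request is copied into it, so a crafted
// path or query string never reaches the client through the 404 response.
const NOT_FOUND_BODY = Object.freeze({
  status: 404,
  error: 'Not Found',
  message: 'The requested resource does not exist.',
});

// Drop-in replacement for the framework default; register it after all
// routes with `app.use(notFoundHandler)`. The Express 4 req/res API
// (req.method, req.originalUrl, res.status, res.set, res.json) is assumed.
function notFoundHandler(req, res) {
  res.status(404);
  res.set('X-Content-Type-Options', 'nosniff'); // browsers must not sniff JSON as HTML
  res.json(NOT_FOUND_BODY);
  // The requested URL belongs in the server log for triage, not in the response.
  return `404 ${req.method} ${req.originalUrl}`;
}

// If an HTML 404 page must display the path, escape it before interpolating.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

function renderNotFoundHtml(originalUrl) {
  return `<!doctype html><title>404</title><h1>Not Found</h1>` +
    `<p>No resource at <code>${escapeHtml(originalUrl)}</code>.</p>`;
}

// Minimal stand-in for an Express response object (constructed for this
// example) that records exactly what a real client would receive.
function makeFakeRes() {
  const res = { statusCode: 200, headers: {}, body: undefined };
  res.status = (code) => { res.statusCode = code; return res; };
  res.set = (name, value) => { res.headers[name.toLowerCase()] = value; return res; };
  res.json = (obj) => {
    res.set('Content-Type', 'application/json; charset=utf-8');
    res.body = JSON.stringify(obj);
    return res;
  };
  return res;
}

// Run the handler against one request and return what the client saw plus
// the log line the server kept.
function demo(originalUrl) {
  const req = { method: 'GET', originalUrl };
  const res = makeFakeRes();
  const logLine = notFoundHandler(req, res);
  return { statusCode: res.statusCode, headers: res.headers, body: res.body, logLine };
}

// Example run with the probe URL from the PR description.
console.log(demo('/images/?41b68(a)184a9=1'));
```

The check that matters is the last one in the handler's contract: the response body is identical for every unmatched URL, so there is no input that changes what the browser renders. Keep the `nosniff` header even with a JSON body, since some older browsers would otherwise content-sniff and interpret markup.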

johnpapa commented 7 years ago

thx