SecuriTeam™ - Apache mod_proxy_ftp Undefined Charset UTF-7 XSS Vulnerability

A cross-site scripting vulnerability via UTF-7 has been found in mod_proxy_ftp.

mod_proxy_ftp "provides support for the proxying FTP sites. Note that FTP support is currently limited to the GET method." A UTF-7 XSS exists in mod_proxy_ftp.c. The charset is not defined, so an XSS attack is possible by using the ";" character in the URL to set the charset to UTF-7.
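The following Python check is an added example, not code from the advisory or from Apache. It audits a captured response for the condition described above and shows that HTML escaping alone leaves UTF-7 shifted sequences intact when no charset is declared. The function names, finding labels and sample body are constructed for illustration.

```python
import html
from email.message import Message

HTML_TYPES = ("text/html", "application/xhtml+xml")

# Constructed, inert sample: "<b>listing</b>" with the angle brackets
# written as UTF-7 shifted sequences (+ADw- is "<", +AD4- is ">").
SAMPLE_BODY = b"+ADw-b+AD4-listing+ADw-/b+AD4-"


def declared_charset(content_type):
    """Return the lowercased charset parameter of a Content-Type value, or None."""
    msg = Message()
    msg["Content-Type"] = content_type
    return msg.get_content_charset()


def audit_response(content_type, body):
    """Return a list of findings for one response (header value, raw body bytes)."""
    findings = []
    media_type = content_type.split(";")[0].strip().lower()
    if media_type not in HTML_TYPES:
        return findings

    charset = declared_charset(content_type)
    if charset is None:
        # Nothing pins the encoding, so the client may pick one itself.
        findings.append("charset-missing")
    elif charset in ("utf-7", "utf7"):
        findings.append("charset-utf7")
    else:
        # An explicit non-UTF-7 charset keeps shifted sequences as plain text.
        return findings

    # Escape the body the way a careful generator would, then read the result
    # as UTF-7: the shifted sequences contain no <, >, & or quotes to escape.
    escaped = html.escape(body.decode("ascii", "replace"))
    as_utf7 = escaped.encode("ascii", "replace").decode("utf-7", "replace")
    if "<" in as_utf7 or ">" in as_utf7:
        findings.append("markup-survives-escaping")
    return findings


if __name__ == "__main__":
    for ctype in ("text/html", "text/html; charset=ISO-8859-1"):
        print(ctype, "->", audit_response(ctype, SAMPLE_BODY))
```

The second case shows the mitigation: once the response declares an explicit charset other than UTF-7, the same body produces no findings.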
