NewsPortal flaws reported

New flaws have been identified in NewsPortal that can be used to conduct cross-site scripting attacks by malicious users.

The highly critical flaw is caused by an input validation error in .php files, according to vulnerability monitoring firm Secunia. The flaw can be exploited to include arbitrary files from local and external resources.

“Some input isn’t properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site,” according to a Secunia advisory.

One solution to avoid malicious exploitation is to upgrade to NewsPortal version 0.37, according to an advisory posted on the French Security Incident Response Team site.

South32 upgrades its onboarding with SuccessFactors

CBA wants agents to initiate application modernisation

India revokes order to preload cyber security app on smartphones

ASX outage caused by security software upgrade

Empowering Sustainability: Schneider Electric's Commitment to Driving Customer Success

NewsPortal flaws reported

New flaws have been identified in NewsPortal that can be used to conduct cross-site scripting attacks by malicious users.

Partner Content

Sponsored Whitepapers

Events

Most Read Articles

WA man jailed for at least five years for evil twin attack

Home Affairs to unleash AI on sensitive government data

Watt flags more fed insourcing after BoM website outrage

ASX outage caused by security software upgrade

Most popular tech stories

CBA finds its first chief AI officer

Virgin Australia, Wesfarmers strike OpenAI agreements

QBE backs leadership and startup culture to deliver transformation

News Corp Australia taps IAG digital exec as next CDTO

Chemist Warehouse's AI tool for HR becoming a "standard pattern"

HamiltonJet partners with digital services provider Fortude

SentinelOne signs distribution agreement with Sektor

Rapid7’s new SIEM combines exposure management with threat detection

The techpartner.news podcast, episode 3: Why security consultancy founder Kat McCrabb started with the hard stuff

Bluechip Infotech enters final stage of Goodson Imports acquisition

Blackberry celebrates "giant step forward"

'Touch-free' smartphone controlled with head movements

Govt launches consumer tech label program for smart devices

Perth IoT vendor Digital Matter names new chief executive

Axis Communications opens experience centre in Sydney tech hub

South32 upgrades its onboarding with SuccessFactors

CBA wants agents to initiate application modernisation

India revokes order to preload cyber security app on smartphones

ASX outage caused by security software upgrade

Empowering Sustainability: Schneider Electric's Commitment to Driving Customer Success

NewsPortal flaws reported

New flaws have been identified in NewsPortal that can be used to conduct cross-site scripting attacks by malicious users.

Partner Content

Sponsored Whitepapers

Events

Most Read Articles

WA man jailed for at least five years for evil twin attack

Home Affairs to unleash AI on sensitive government data

Watt flags more fed insourcing after BoM website outrage

ASX outage caused by security software upgrade

Most popular tech stories

CBA finds its first chief AI officer

Virgin Australia, Wesfarmers strike OpenAI agreements

QBE backs leadership and startup culture to deliver transformation

News Corp Australia taps IAG digital exec as next CDTO

Chemist Warehouse's AI tool for HR becoming a "standard pattern"

HamiltonJet partners with digital services provider Fortude

SentinelOne signs distribution agreement with Sektor

Rapid7’s new SIEM combines exposure management with threat detection

The techpartner.news podcast, episode 3: Why security consultancy founder Kat McCrabb started with the hard stuff

Bluechip Infotech enters final stage of Goodson Imports acquisition

Blackberry celebrates "giant step forward"

'Touch-free' smartphone controlled with head movements

Govt launches consumer tech label program for smart devices

Perth IoT vendor Digital Matter names new chief executive

Axis Communications opens experience centre in Sydney tech hub

Log In