NewsPortal flaws reported

New flaws have been identified in NewsPortal that can be used to conduct cross-site scripting attacks by malicious users.

The highly critical flaw is caused by an input validation error in .php files, according to vulnerability monitoring firm Secunia. The flaw can be exploited to include arbitrary files from local and external resources.

“Some input isn’t properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site,” according to a Secunia advisory.

One solution to avoid malicious exploitation is to upgrade to NewsPortal version 0.37, according to an advisory posted on the French Security Incident Response Team site.

Westpac taps Macquarie BFS' CIO as its new IT leader

US spectrum auction will fund purge of Huawei, ZTE, other Chinese telecom gear

ASD to retire Essential Eight cyber security framework within next two years

NSW gov puts $209m more into P25 network

Qld gov backs technology projects with at least $340m

NewsPortal flaws reported

New flaws have been identified in NewsPortal that can be used to conduct cross-site scripting attacks by malicious users.

Partner Content

Sponsored Whitepapers

Events

Most Read Articles

ASD to retire Essential Eight cyber security framework within next two years

ASD draws a hard line on developers lacking security skills

Fake IT worker threat spreads outside tech sector in Australia

Services Australia describes fraud, debt-related machine learning use cases

Most popular tech stories

Bunnings to sell through Google AI Mode

ABC drops Salesforce for Braze

Treasury Wine Estates to go big on digital, data and AI

Chemist Warehouse's AI tool for HR becoming a "standard pattern"

Virgin Australia, Wesfarmers strike OpenAI agreements

HamiltonJet partners with digital services provider Fortude

SentinelOne signs distribution agreement with Sektor

Rapid7’s new SIEM combines exposure management with threat detection

The techpartner.news podcast, episode 3: Why security consultancy founder Kat McCrabb started with the hard stuff

Bluechip Infotech enters final stage of Goodson Imports acquisition

Blackberry celebrates "giant step forward"

'Touch-free' smartphone controlled with head movements

Photos: Australian industry explores data for net zero

Telstra Purple acquires IoT specialists Alliance Automation, Aqura Technologies

Govt launches consumer tech label program for smart devices

Westpac taps Macquarie BFS' CIO as its new IT leader

US spectrum auction will fund purge of Huawei, ZTE, other Chinese telecom gear

ASD to retire Essential Eight cyber security framework within next two years

NSW gov puts $209m more into P25 network

Qld gov backs technology projects with at least $340m

NewsPortal flaws reported

New flaws have been identified in NewsPortal that can be used to conduct cross-site scripting attacks by malicious users.

Add iTnews as your trusted source

Partner Content

Sponsored Whitepapers

Events

Most Read Articles

ASD to retire Essential Eight cyber security framework within next two years

ASD draws a hard line on developers lacking security skills

Fake IT worker threat spreads outside tech sector in Australia

Services Australia describes fraud, debt-related machine learning use cases

Most popular tech stories

Bunnings to sell through Google AI Mode

ABC drops Salesforce for Braze

Treasury Wine Estates to go big on digital, data and AI

Chemist Warehouse's AI tool for HR becoming a "standard pattern"

Virgin Australia, Wesfarmers strike OpenAI agreements

HamiltonJet partners with digital services provider Fortude

SentinelOne signs distribution agreement with Sektor

Rapid7’s new SIEM combines exposure management with threat detection

The techpartner.news podcast, episode 3: Why security consultancy founder Kat McCrabb started with the hard stuff

Bluechip Infotech enters final stage of Goodson Imports acquisition

Blackberry celebrates "giant step forward"

'Touch-free' smartphone controlled with head movements

Photos: Australian industry explores data for net zero

Telstra Purple acquires IoT specialists Alliance Automation, Aqura Technologies

Govt launches consumer tech label program for smart devices

Log In