NewsPortal flaws reported

New flaws have been identified in NewsPortal that can be used to conduct cross-site scripting attacks by malicious users.

The highly critical flaw is caused by an input validation error in .php files, according to vulnerability monitoring firm Secunia. The flaw can be exploited to include arbitrary files from local and external resources.

“Some input isn’t properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site,” according to a Secunia advisory.

One solution to avoid malicious exploitation is to upgrade to NewsPortal version 0.37, according to an advisory posted on the French Security Incident Response Team site.

In Pictures: State of Data & AI report launch breakfast

CBA using facial recognition logins to verify disputed payments

Australia takes another step toward a central bank digital currency

UK police arrest four over cyberattacks on M&S, Co-op and Harrods

Viva Energy completes greenfield HR setup in time for Coles cutover

NewsPortal flaws reported

New flaws have been identified in NewsPortal that can be used to conduct cross-site scripting attacks by malicious users.

Partner Content

Sponsored Whitepapers

Events

Most Read Articles

CBA using facial recognition logins to verify disputed payments

Qantas contacted by "potential cyber criminal"

SA Power Networks tackles IAM, cloud security under five-year strategy

Qantas facing 'significant' data theft after cyber attack

Most popular tech stories

Woolworths Group consolidates 30,000 marketing assets into Adobe platform

El Jannah backs Salesforce martech stack to support store expansion

NSW gov employers 'should not' use AI for hiring decisions

Optus' first AI chief Samantha Lawson exits

Viva Energy completes greenfield HR setup in time for Coles cutover

Ingram Micro hit by ransomware

PHOTOS: The M&A Session - Sydney

The techpartner.news podcast, episode 1: Why OxygenIT dropped 80 percent of its customers

Announcing the 2025 Impact Awards Partner Leadership finalists

Dell’s new platform wants to end HCI vendor lock-in

Blackberry celebrates "giant step forward"

Laing O'Rourke brings IoT to hard hats

Co-founder of IoT telco Thinxtra Loïc Barancourt departs

Telstra to host IoT State of the Nation event on November 14

Aldi supplier trials RFID tags on bananas

In Pictures: State of Data & AI report launch breakfast

CBA using facial recognition logins to verify disputed payments

Australia takes another step toward a central bank digital currency

UK police arrest four over cyberattacks on M&S, Co-op and Harrods

Viva Energy completes greenfield HR setup in time for Coles cutover

NewsPortal flaws reported

New flaws have been identified in NewsPortal that can be used to conduct cross-site scripting attacks by malicious users.

Partner Content

Sponsored Whitepapers

Events

Most Read Articles

CBA using facial recognition logins to verify disputed payments

Qantas contacted by "potential cyber criminal"

SA Power Networks tackles IAM, cloud security under five-year strategy

Qantas facing 'significant' data theft after cyber attack

Most popular tech stories

Woolworths Group consolidates 30,000 marketing assets into Adobe platform

El Jannah backs Salesforce martech stack to support store expansion

NSW gov employers 'should not' use AI for hiring decisions

Optus' first AI chief Samantha Lawson exits

Viva Energy completes greenfield HR setup in time for Coles cutover

Ingram Micro hit by ransomware

PHOTOS: The M&A Session - Sydney

The techpartner.news podcast, episode 1: Why OxygenIT dropped 80 percent of its customers

Announcing the 2025 Impact Awards Partner Leadership finalists

Dell’s new platform wants to end HCI vendor lock-in

Blackberry celebrates "giant step forward"

Laing O'Rourke brings IoT to hard hats

Co-founder of IoT telco Thinxtra Loïc Barancourt departs

Telstra to host IoT State of the Nation event on November 14

Aldi supplier trials RFID tags on bananas

Log In