NewsPortal flaws reported

New flaws have been identified in NewsPortal that can be used to conduct cross-site scripting attacks by malicious users.

The highly critical flaw is caused by an input validation error in .php files, according to vulnerability monitoring firm Secunia. The flaw can be exploited to include arbitrary files from local and external resources.

“Some input isn’t properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site,” according to a Secunia advisory.

One solution to avoid malicious exploitation is to upgrade to NewsPortal version 0.37, according to an advisory posted on the French Security Incident Response Team site.

Monash University pilots graph database tech to map research ecosystem

AI providers plug metadata leak that exposed encrypted chat topics

M365 portal buckling as demand for Copilot refunds soar

DVA trials ChatGPT-based tool with 300 staff

Microsoft launches 'superintelligence' team

NewsPortal flaws reported

New flaws have been identified in NewsPortal that can be used to conduct cross-site scripting attacks by malicious users.

Partner Content

Sponsored Whitepapers

Events

Most Read Articles

The BoM has finally tamed SSL

Scores of Australian Cisco devices remain BADCANDY infected

US prosecutors say cyber security pros ran cybercrime operation

Australia and US impose sanctions on North Korean cyber ops

Most popular tech stories

ABC drops Salesforce for Braze

Westpac Intelligence Layer breaks cover

Suncorp creates a "clear execution roadmap" for agentic AI

Uniting uses GenAI to cut admin burden for frontline care workers

Qantas' digital and customer head steps down

HamiltonJet partners with digital services provider Fortude

SentinelOne signs distribution agreement with Sektor

Rapid7’s new SIEM combines exposure management with threat detection

The techpartner.news podcast, episode 3: Why security consultancy founder Kat McCrabb started with the hard stuff

Bluechip Infotech enters final stage of Goodson Imports acquisition

Blackberry celebrates "giant step forward"

Telstra Purple acquires IoT specialists Alliance Automation, Aqura Technologies

Photos: Australian industry explores data for net zero

'Touch-free' smartphone controlled with head movements

Photos: The 2024 IoT Awards winners

Monash University pilots graph database tech to map research ecosystem

AI providers plug metadata leak that exposed encrypted chat topics

M365 portal buckling as demand for Copilot refunds soar

DVA trials ChatGPT-based tool with 300 staff

Microsoft launches 'superintelligence' team

NewsPortal flaws reported

New flaws have been identified in NewsPortal that can be used to conduct cross-site scripting attacks by malicious users.

Partner Content

Sponsored Whitepapers

Events

Most Read Articles

The BoM has finally tamed SSL

Scores of Australian Cisco devices remain BADCANDY infected

US prosecutors say cyber security pros ran cybercrime operation

Australia and US impose sanctions on North Korean cyber ops

Most popular tech stories

ABC drops Salesforce for Braze

Westpac Intelligence Layer breaks cover

Suncorp creates a "clear execution roadmap" for agentic AI

Uniting uses GenAI to cut admin burden for frontline care workers

Qantas' digital and customer head steps down

HamiltonJet partners with digital services provider Fortude

SentinelOne signs distribution agreement with Sektor

Rapid7’s new SIEM combines exposure management with threat detection

The techpartner.news podcast, episode 3: Why security consultancy founder Kat McCrabb started with the hard stuff

Bluechip Infotech enters final stage of Goodson Imports acquisition

Blackberry celebrates "giant step forward"

Telstra Purple acquires IoT specialists Alliance Automation, Aqura Technologies

Photos: Australian industry explores data for net zero

'Touch-free' smartphone controlled with head movements

Photos: The 2024 IoT Awards winners

Log In