NewsPortal flaws reported

New flaws have been identified in NewsPortal that can be used to conduct cross-site scripting attacks by malicious users.

The highly critical flaw is caused by an input validation error in .php files, according to vulnerability monitoring firm Secunia. The flaw can be exploited to include arbitrary files from local and external resources.

“Some input isn’t properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site,” according to a Secunia advisory.

One solution to avoid malicious exploitation is to upgrade to NewsPortal version 0.37, according to an advisory posted on the French Security Incident Response Team site.

Australia includes Reddit, Kick in teen social media ban

New ATO division to de-risk major system transformations

Samsung triple zero handset firmware mystery deepens

NSW DCCEEW makes CDIO its top tech role

Uniting uses GenAI to cut admin burden for frontline care workers

NewsPortal flaws reported

New flaws have been identified in NewsPortal that can be used to conduct cross-site scripting attacks by malicious users.

Partner Content

Sponsored Whitepapers

Events

Most Read Articles

Tasmanian gov agencies impacted by cyber attack

Australian chief at US defence contractor L3Harris sold exploits to Russia

Vic gov agencies flying blind on server security, audit finds

Home Affairs streamlines risk vetting for gov tech suppliers

Most popular tech stories

Suncorp creates a "clear execution roadmap" for agentic AI

Westpac Intelligence Layer breaks cover

Coles to transform finance as 'cloud ERP' program evolves

Qantas' digital and customer head steps down

Coles offers ChatGPT Enterprise to corporate staff

HamiltonJet partners with digital services provider Fortude

SentinelOne signs distribution agreement with Sektor

Rapid7’s new SIEM combines exposure management with threat detection

The techpartner.news podcast, episode 3: Why security consultancy founder Kat McCrabb started with the hard stuff

Bluechip Infotech enters final stage of Goodson Imports acquisition

Blackberry celebrates "giant step forward"

Photos: Australian industry explores data for net zero

'Touch-free' smartphone controlled with head movements

Telstra Purple acquires IoT specialists Alliance Automation, Aqura Technologies

Photos: the IoT in Action event in Sydney

Australia includes Reddit, Kick in teen social media ban

New ATO division to de-risk major system transformations

Samsung triple zero handset firmware mystery deepens

NSW DCCEEW makes CDIO its top tech role

Uniting uses GenAI to cut admin burden for frontline care workers

NewsPortal flaws reported

New flaws have been identified in NewsPortal that can be used to conduct cross-site scripting attacks by malicious users.

Partner Content

Sponsored Whitepapers

Events

Most Read Articles

Tasmanian gov agencies impacted by cyber attack

Australian chief at US defence contractor L3Harris sold exploits to Russia

Vic gov agencies flying blind on server security, audit finds

Home Affairs streamlines risk vetting for gov tech suppliers

Most popular tech stories

Suncorp creates a "clear execution roadmap" for agentic AI

Westpac Intelligence Layer breaks cover

Coles to transform finance as 'cloud ERP' program evolves

Qantas' digital and customer head steps down

Coles offers ChatGPT Enterprise to corporate staff

HamiltonJet partners with digital services provider Fortude

SentinelOne signs distribution agreement with Sektor

Rapid7’s new SIEM combines exposure management with threat detection

The techpartner.news podcast, episode 3: Why security consultancy founder Kat McCrabb started with the hard stuff

Bluechip Infotech enters final stage of Goodson Imports acquisition

Blackberry celebrates "giant step forward"

Photos: Australian industry explores data for net zero

'Touch-free' smartphone controlled with head movements

Telstra Purple acquires IoT specialists Alliance Automation, Aqura Technologies

Photos: the IoT in Action event in Sydney

Log In