We just released a new version of jNews: 8.1.x. It is important that you update to this version, as it fix a potential cross-site scripting (XSS) security vulnerability that has been identified in one of the library we use: Open Flash Chart. This library is used to show graphical statistics in the jNews.
We recommend that all customers update to 8.1.x.
To fix the problem you can also simply replace the appropriate file to the latest version:
The file to replace is open-flash-chart.swf. It is located here: http://www.YourSite.com/components/com_jnews/includes/openflashchart/open-flash-chart.swf
You can download the latest file here:
To download the swf file, right click on the link and select Save Link As...
How to obtain the latest version?
In our effort to serve you better, you may also sign up for e-mail notification and/or follow our Facebook and Twitter pages to receive any future advisories.