Version 3.0.2 of the PacketFence open source network access control (NAC) system was recently released.

"According to the Inverse development team, the update addresses two vulnerabilities in the captive portal and administrative interface that could have been exploited by an attacker to conduct cross-site scripting (XSS) attacks," The H Security reports.

"Versions prior to 3.0.2 are affected; all users are advised to update to the new version," the article states.

Go to "PacketFence NAC update closes XSS holes" to read the details.

For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.