Security News > 2021 > September > US govt sites showing porn, viagra ads share a common software vendor
A security researcher noticed all of these sites share a common software vendor.
Mil domains using a common software product provided by Laserfiche, a government contractor.
The software product called Laserfiche Forms contains a vulnerability that has allowed threat actors to push malicious and spam content on reputable government sites.
Previously, attackers have abused the open redirect functionality on government websites like that of the National Weather Service website sites to boost SEO for their content and redirect users to porn sites.
Laserfiche has now released a security advisory for the vulnerability, along with instructions on how to clean up your website from spam content.
Edwards isn't quite satisfied as Laserfiche hasn't fixed the vulnerability for all versions of its product that are still in widespread use, among other reasons.