Tapatalk - Cross-Site Scripting Vulnerability

Discussion in 'Resource and Add-on Discussions' started by Falkor, May 13, 2014.

  1. Falkor

    Falkor Member

    Alfa1 likes this.
  2. Jeremy

    Jeremy XenForo Moderator Staff Member

    You should disable the plugin or patch the vulnerability until such a time when this is fixed. Anything that has a security vulnerability is a risk to your website.
    euantor and Amaury like this.
  3. BamaStangGuy

    BamaStangGuy Well-Known Member

    Enable Debug Mode and disable the following by unchecking the box:

    Screenshot 2014-05-12 22.26.26.png

    This will prevent all calls to the welcome.php file that is vulnerable.

    This will allow you to keep using Tapatalk while an official patch is released. The only thing that will not work is the banner system.
    Last edited: May 13, 2014
    lazy llama and Falkor like this.
  4. rainmotorsports

    rainmotorsports Well-Known Member

    Is it the smartbanner system that's vulnerable? I manually stripped out all of the PHP and JS in the plugin itself a while back for unrelated reasons. Add this to the list of stuff to check when I get home.
  5. Falkor

    Falkor Member

    Let us know what you find, please.
  6. WCFA

    WCFA Active Member

    Any more updates on this? Does it indeed need disabling?
  7. Falkor

    Falkor Member

    Apparently they have patched it in the latest version.
  8. WCFA

    WCFA Active Member

    Is this the release for XF 1.3? Or did it cover anything earlier?
  9. Falkor

    Falkor Member

    I am not sure, but what I read is that tapatalk_xf10_2.0.3 is supposed to fix it.
  10. WCFA

    WCFA Active Member

    OK, great, thank you.
  11. D.O.A.

    D.O.A. Well-Known Member