Tapatalk - Cross-Site Scripting Vulnerability

[Falkor]

What are the risks to the actual forum itself with something like this?

Tapatalk Multiple Plugins "referer" Cross-Site Scripting Vulnerability

 

[Jeremy]

You should disable the plugin or patch the vulnerability until such a time when this is fixed. Anything that has a security vulnerability is a risk to your website.

 

[Brent W]

Enable Debug Mode and disable the following by unchecking the box:



This will prevent all calls to the welcome.php file that is vulnerable.

This will allow you to keep using Tapatalk while an official patch is released. The only thing that will not work is the banner system.

 

[rainmotorsports]

Enable Debug Mode and disable the following by unchecking the box:

View attachment 73584

This will prevent all calls to the welcome.php file that is vulnerable.

This will allow you to keep using Tapatalk while an official patch is released. The only thing that will not work is the banner system.

Is it the smartbanner system that's vulnerable? I manually stripped out all of the php and js in the plugin itself awhile back for unrelated reasons. Add this to the list of stuff to check when I get home.

 

[Falkor]

Let us know what you find please

 

[WCFA]

Anymore updates on this does it indeed need disabling ?

 

[Falkor]

Apparently they have patched it in the latest version

 

[WCFA]

Is this the release for XF 1.3 ? or did it cover the anything earlier ?

 

[Falkor]

I am not sure but what I read is that tapatalk_xf10_2.0.3 is supposed to fix it

 

[WCFA]

Ok great thank You

 

[D.O.A.]

https://support.tapatalk.com/threads/tapatalk-cross-site-scripting-vulnerability.24719/#post-131407