According to an email sent by the developers of the web application Tapatalk which comes in the form of a plug-in, a security gap has been discovered.
The vulnerability allows third parties to cross-site scripting για να αλλάξουν το περιεχόμενο ή τη συμπεριφορά της εφαρμογής στον web browser του χρήστη, χωρίς όμως να διακυβεύεται η better safety of the underlying system.
Repaired Plug-inss concern the following systems:
vBulletin 3 v4.4.1
vBulletin 4 v5.0.1
phpBB 3 v4.4.1
IPB 3.4 v3.9.1
SMF 2 v3.9.5
Xenforo v2.0.4
MyBB v3.9.1
Kunena3 v1.1.5
Vanilla v1.4.2
WBB4 V1.0.1
If your forum platform is not listed above, it is not vulnerable to cross site scripting.
If you have any questions, you can contact the plug-in deployment team directly at the email: support [at] tapatalk.com
We quote the warning email:
Dear Tapatalk Partner,
This message is to notify you of a security vulnerability that was found earlier this year in the Tapatalk plug-in. The issue involves a cross-site scripting vulnerability that may allow a third party to manipulate the content or behavior of a web application in a user's browser, without compromising the underlying system.
While our engineering team and other security apps have classified this as a low risk item and have not received any reports of compromised systems, we still recommend that you update your forum's Tapatalk Plugin to the latest version available on our website.
Plug-ins versions that have been patched:
vBulletin 3 v4.4.1
vBulletin 4 v5.0.1
phpBB 3 v4.4.1
IPB 3.4 v3.9.1
SMF 2 v3.9.5
Xenforo v2.0.4
MyBB v3.9.1
Kunena3 v1.1.5
Vanilla v1.4.2
WBB4 V1.0.1If your forum platform is not listed above, it is not vulnerable to the cross site scripting issue.
If you have any questions, please reply to this message and let us know. We will only communicate this issue via email to prevent the existence of vulnerabilities and putting forum owners who have not yet updated in unnecessary risk.
