1. SP Tab Module
  2. Thursday, 15 August 2019
Hello,

we use SP Tab on our Clients Homepage. The Hoster (Strato) has a Service called Side-Lock and this service reports a critical security risk in your modul SP Tab. The security risk is the potential for so-called cross-site scripting. in the detailed description the css.php files are listed.
you are aware of a problem with the files?
how can we solve this problem?

Nico
Responses (8)
Hi.
Until Monday all I can do is to add your request to wish-bug-list.
if you feel uncomfortable > do not use this module until next update.

Thanks for the notification.
  1. more than a month ago
  2. SP Tab Module
  3. # 1
Hi, is this solved?
  1. more than a month ago
  2. SP Tab Module
  3. # 2
Hi, no it is not solved. The Server still reports the risk of cross-site scripting.
  1. more than a month ago
  2. SP Tab Module
  3. # 3
Hi Nico, thank you for your reply.

Can someone from Joomshaper solve this ASAP as SP Tab is a great extension and it would be really good to be able to use it again safely on your templates?

Best
  1. more than a month ago
  2. SP Tab Module
  3. # 4
please add a screenshot from this server response.
Mine couldn't find any risk.
  1. more than a month ago
  2. SP Tab Module
  3. # 5
Nico,
can you please add a screenshot regarding risk of cross-site scripting.from server response as Paul requested?
  1. more than a month ago
  2. SP Tab Module
  3. # 6
Hello,
here are the screenshots as requested.
This is the critical warning:
Strato SiteLock.png
This is the CSS File:
custom.css-file.png
and here a screenshot of the raw.css File for comparison, as you can see, we have only added a few lines.
raw.css-file.png
Attachments (3)
  1. more than a month ago
  2. SP Tab Module
  3. # 7
On my eyes, it's fake alert.
This is basic CSS, 100% safe, no hidden script etc.
Contact with hosting support. We cannot change it.
  1. more than a month ago
  2. SP Tab Module
  3. # 8


There are no replies made for this post yet.
Be one of the first to reply to this post!


This forum is archived

This forum has been archived. Please use JoomShaper official support system.