
Potential security risk in your module SP Tab?

Featured Lock Resolved Issue

We use SP Tab on our client's homepage. The hoster (Strato) has a service called SiteLock, and this service reports a critical security risk in your module SP Tab. The security risk is the potential for so-called cross-site scripting. In the detailed description, the css.php files are listed.
Are you aware of a problem with the files?
How can we solve this problem?


8 Answers

Paul Frankowski - Staff

More than a month ago #Permalink
Until Monday, all I can do is add your request to the wish-bug-list.
If you feel uncomfortable > do not use this module until the next update.

Thanks for the notification.


More than a month ago #Permalink
Hi, is this solved?

Nico Gerling

More than a month ago #Permalink
Hi, no, it is not solved. The server still reports the risk of cross-site scripting.


More than a month ago #Permalink
Hi Nico, thank you for your reply.

Can someone from JoomShaper solve this ASAP, as SP Tab is a great extension and it would be really good to be able to use it again safely on your templates?


Paul Frankowski - Staff

More than a month ago #Permalink
Please add a screenshot of this server response.
Mine couldn't find any risk.


More than a month ago #Permalink
Can you please add a screenshot regarding the risk of cross-site scripting from the server response, as Paul requested?

Nico Gerling

More than a month ago #Permalink
Here are the screenshots as requested.
This is the critical warning:
Strato SiteLock.png
This is the CSS file:
And here is a screenshot of the raw.css file for comparison. As you can see, we have only added a few lines.

Attachments (3)

  • Strato SiteLock.png (50.1 KB)
  • custom.css-file.png (36.3 KB)
  • raw.css-file.png (30.4 KB)

Paul Frankowski - Staff

More than a month ago #Permalink
In my eyes, it's a fake alert.
This is basic CSS, 100% safe, no hidden script etc.
Contact hosting support. We cannot change it.
