TikTok has patched a reflected cross-site scripting security flaw and a vulnerability leading to account takeover impacting the firm’s web domain, which were reported by a security researcher.