[ZendTo] X-Frame-Options Vulnerability
Ryan Stepalavich
rstepalavich at gmail.com
Fri Feb 2 17:56:45 GMT 2018
Hi everybody,
We just got our latest audit in and found a cross-frame scripting
vulnerability in ZendTo.
“it is possible to load application pages in an external frame. The
application's response data does not set a suitable X-Frame-Options header
or use other measures in order to prevent framing attacks.”
https://coderwall.com/p/kdv1hw/prevent-rendering-your-page-inside-an-iframe-using-x-frame-options
Is this something that’s compatible with 5.00-2?
Thanks in advance!
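
A header check for the audit finding quoted above, as an added example that is not part of the original post or of ZendTo's code. The function name and the sample responses are constructed for illustration; it also covers the CSP `frame-ancestors` directive, which the finding's "other measures" would include.

```python
def framing_protection(headers):
    """headers: list of (name, value) pairs. Returns (protected, reason)."""
    xfo, policies = set(), []
    for name, value in headers:
        key = name.strip().lower()
        if key == "x-frame-options":
            # Repeated headers may arrive comma-joined, so split them.
            xfo.update(v.strip().upper() for v in value.split(",") if v.strip())
        elif key == "content-security-policy":
            policies.append(value)

    # Each CSP header is a separate policy; within one policy only the
    # first frame-ancestors directive counts.
    ancestors = []
    for policy in policies:
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                ancestors.append([p.lower() for p in parts[1:]])
                break

    if ancestors:
        # Browsers that support frame-ancestors use it instead of
        # X-Frame-Options, so it decides the outcome when present.
        wide = ("*", "http:", "https:")
        if all(any(s in wide for s in srcs) for srcs in ancestors):
            return False, "frame-ancestors allows any origin"
        return True, "frame-ancestors restricts framing"
    if not xfo:
        return False, "no X-Frame-Options or frame-ancestors"
    if xfo in ({"DENY"}, {"SAMEORIGIN"}):
        return True, "X-Frame-Options " + next(iter(xfo))
    if any(v.startswith("ALLOW-FROM") for v in xfo):
        return False, "ALLOW-FROM is obsolete and ignored by current browsers"
    # Conflicting values are reported as a finding rather than relied on.
    return False, "invalid or conflicting X-Frame-Options: " + ", ".join(sorted(xfo))


# Constructed sample responses (not captured from a ZendTo server).
SAMPLES = {
    "finding": [("Content-Type", "text/html")],
    "xfo": [("X-Frame-Options", "sameorigin")],
    "csp": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
    "conflict": [("X-Frame-Options", "DENY"), ("X-Frame-Options", "SAMEORIGIN")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, framing_protection(hdrs))
```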