[ZendTo] X-Frame-Options Vulnerability
Julian Field
Jules at ecs.soton.ac.uk
Sat Feb 3 17:48:46 GMT 2018
Ryan,
Many thanks for reporting this one.
I have added a fix that will be in version 5.01.
Thanks!
Jules.
On 02/02/2018 5:56 pm, Ryan Stepalavich wrote:
> Hi everybody,
>
> We just got our latest audit in and found a cross-frame scripting
> vulnerability in ZendTo.
>
> “it is possible to load application pages in an external frame. The
> application's response data does not set a suitable X-Frame-Options
> header or use other measures in order to prevent framing attacks.”
>
> https://coderwall.com/p/kdv1hw/prevent-rendering-your-page-inside-an-iframe-using-x-frame-options
>
> Is this something that’s compatible with 5.00-2?
>
> Thanks in advance!
Jules
--
Jules Field MEng CEng CITP MBCS MIEEE MACM
email+iMessage: Jules at ecs.soton.ac.uk
Twitter: @JulesFM
Senior Tutor, Electronics and Computer Science
Teaching Systems Manager, Faculty of Physical Sciences and Engineering
University of Southampton SO17 1BJ, UK
'That is the land of lost content,
I see it shining plain,
The happy highways where I went,
And cannot come again.' - A.E. Houseman
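
The audit finding quoted above comes down to a check on response headers. The following is an added example, not code from this thread or from ZendTo: the function name `framing_protection` is hypothetical, and the header sets it is run on are constructed samples rather than real ZendTo responses.

```python
# Added example: classify a response's anti-framing headers.
# Header sets passed in below are constructed samples, not ZendTo output.
XFO_ENFORCED = {"DENY", "SAMEORIGIN"}  # ALLOW-FROM is obsolete in current browsers


def framing_protection(headers):
    """headers: list of (name, value) pairs; returns (protected, reason)."""
    xfo, policies = set(), []
    for name, value in headers:
        lname = name.strip().lower()
        if lname == "x-frame-options":
            # Repeated headers may arrive merged into one comma-separated value.
            xfo.update(v.strip().upper() for v in value.split(",") if v.strip())
        elif lname == "content-security-policy":
            policies.append(value)

    # Where CSP frame-ancestors is present, browsers use it and ignore
    # X-Frame-Options, so it is evaluated first.
    permissive = False
    for policy in policies:
        for directive in policy.split(";"):
            parts = directive.split()
            if len(parts) < 2 or parts[0].lower() != "frame-ancestors":
                continue  # other directive, or no source list (skipped here)
            sources = [s.lower() for s in parts[1:]]
            if any(s in ("*", "http:", "https:") for s in sources):
                permissive = True
                break  # only the first frame-ancestors in a policy counts
            return True, "frame-ancestors " + " ".join(sources)
    if permissive:
        return False, "frame-ancestors permits any origin"

    if not xfo:
        return False, "no X-Frame-Options or frame-ancestors"
    if len(xfo) > 1:
        # Strictness choice of this example: conflicting values are a finding.
        return False, "conflicting X-Frame-Options: " + ", ".join(sorted(xfo))
    value = next(iter(xfo))
    if value in XFO_ENFORCED:
        return True, "X-Frame-Options " + value
    return False, "unenforced X-Frame-Options value: " + value


if __name__ == "__main__":
    constructed = [("Content-Type", "text/html"), ("X-Frame-Options", "SAMEORIGIN")]
    print(framing_protection(constructed))
```
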