<div><div class="gmail_quote"><div><span style="font-family:Arial,sans-serif">Hi everybody,</span><br></div><div lang="EN-US" link="#0563C1" vlink="#954F72"><div class="m_-5712774021550482680WordSection1">
<p class="MsoNormal"><span style="font-family:&quot;Arial&quot;,sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-family:&quot;Arial&quot;,sans-serif">We just got our latest audit in and found a cross-frame scripting vulnerability in ZendTo.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:&quot;Arial&quot;,sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-family:&quot;Arial&quot;,sans-serif">“it is possible to load application pages in an external frame. The application&#39;s response data does not set a suitable X-Frame-Options header or use other measures in order to prevent framing
 attacks.”<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:&quot;Arial&quot;,sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-family:&quot;Arial&quot;,sans-serif"><a href="https://coderwall.com/p/kdv1hw/prevent-rendering-your-page-inside-an-iframe-using-x-frame-options" target="_blank">https://coderwall.com/p/kdv1hw/prevent-rendering-your-page-inside-an-iframe-using-x-frame-options</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:&quot;Arial&quot;,sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-family:&quot;Arial&quot;,sans-serif">Is this something that’s compatible with 5.00-2?<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:&quot;Arial&quot;,sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-family:&quot;Arial&quot;,sans-serif">Thanks in advance!</span></p></div>
</div>

</div></div>