X-Frame-Options Defined via META (Non-compliant with Spec)

Home/Alerts/Alert detail/

Risk:
Medium

Type:
Passive

CWE:
CWE-1021

Summary: An X-Frame-Options (XFO) META tag was found, defining XFO via a META tag is explicitly not supported by the spec (RFC 7034).

Solution: Ensure X-Frame-Options is set via a response header field. Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.

References: https://tools.ietf.org/html/rfc7034#section-4

Top Security News

Massive PSAUX ransomware attack targets 22,000 CyberPanel instances

Truist Bank confirms breach after stolen data shows up on hacking forum

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)

Microsoft SharePoint RCE bug exploited to breach corporate network

CISA proposes new security requirements to protect govt, personal data

LiteSpeed Cache WordPress plugin bug lets hackers get admin access

DDoS site Dstat.cc seized and two suspects arrested in Germany

Google patches actively exploited Android vulnerability (CVE-2024-43093)

Common Alerts

HighAdvanced SQL Injection

HighExternal Redirect

InformationalInformation Disclosure - Information in Browser sessionStorage

LowInsufficient Site Isolation Against Spectre Vulnerability

HighHeartbleed OpenSSL Vulnerability (Indicative)

MediumSpring Actuator Information Leak

MediumHTTP Only Site

HighRemote Code Execution - Shell Shock

LowCross-Domain JavaScript Source File Inclusion

HighViewstate without MAC Signature (Unsure)

Latest CVE List

CVE-2024-8957 PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability

CVE-2024-8956 PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability

CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability

CVE-2024-37383 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability

CVE-2024-47575 Fortinet FortiManager Missing Authentication Vulnerability

CVE-2024-38094 Microsoft SharePoint Deserialization Vulnerability

CVE-2024-9537 ScienceLogic SL1 Unspecified Vulnerability

CVE-2024-40711 Veeam Backup and Replication Deserialization Vulnerability

CVE-2024-30088 Microsoft Windows Kernel TOCTOU Race Condition Vulnerability

CVE-2024-9680 Mozilla Firefox Use-After-Free Vulnerability

Common CWEs

CWE-164 Improper Neutralization of Internal Special Elements

CWE-84 Improper Neutralization of Encoded URI Schemes in a Web Page

CWE-56 Path Equivalence: 'filedir*' (Wildcard)

CWE-1419 Incorrect Initialization of Resource

CWE-1083 Data Access from Outside Expected Data Manager Component

CWE-657 Violation of Secure Design Principles

CWE-1339 Insufficient Precision or Accuracy of a Real Number

HighCWE-486 Comparison of Classes by Name

CWE-786 Access of Memory Location Before Start of Buffer

CWE-781 Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code

Free security scan for your website

Don't show website scan report rating on the leaderboard