New research from Stanford University and Carnegie Mellon University found that frame-busting, a populartechnique that stops a website from operating when it s loaded inside a frame, does not prevent clickjacking. The high-severity cross-site scripting flaws could allow remote-code injection on QNAP NAS systems. The most-rewarded flaw is XSS, which is among those that are relatively cheap for organizations to identify. Read the full article.
Source: https://threatpost.com/research-frame-busting-does-not-stop-clickjacking-052710/74028/