Content Player LSO CW28/2016

Hi Guys,

The development team has released notes that in my opinion are worth looking into as the fix some security issues.

The first note 2337225 informs about an issue where LSO Content Player allowed attacker to put the malicious page in a frame and hijack user clicks meant for the original (top level) page, resulting in Clickjacking vulnerability.

Successful exploitation of this vulnerability leads to unwanted modification of user’s data.

The issue can be solved by applying LSOCP 634 Support Package 4 which was delivered in the note 2065494

Regards
LSO and TEM Support