A Cross Frame Scripting (XFS) vulnerability enables an attacker to load malicious code inside an HTTP frame. See more details here.
The fix for the vulnerability is trivial:
The X-Frame-Options HTTP Header entry needs to be passed to the browser. Further details can be found here.
Currently the X-Frame-Options field is not passed to the browser through Storm UI.
The implementation for this fix would enable the Storm Administrator to set the X-Frame-Options field through a storm config parameter:
The parameter would have three possible values, which would reflect the possible values of X-Frame-Options.
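
A sketch of the validation such a parameter needs before its value is sent as a header; this is an added example, not code from the Storm project. The key name `example.ui.x-frame-options`, the class and method names, and the sample values are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.LinkedHashMap;
import java.util.Map;

public class XFrameOptionsExample {
    // Hypothetical key name for this example; not Storm's actual parameter.
    static final String CONFIG_KEY = "example.ui.x-frame-options";
    static final String ALLOW_FROM = "ALLOW-FROM ";

    // Validates the configured value against the three forms the header accepts.
    static String headerValue(String configured) {
        String v = configured == null ? "" : configured.trim();
        if (v.equalsIgnoreCase("DENY")) return "DENY";
        if (v.equalsIgnoreCase("SAMEORIGIN")) return "SAMEORIGIN";
        if (v.regionMatches(true, 0, ALLOW_FROM, 0, ALLOW_FROM.length())) {
            String origin = v.substring(ALLOW_FROM.length()).trim();
            try {
                // URI parsing rejects spaces and CR/LF, so the value cannot
                // smuggle extra header lines into the response.
                URI u = new URI(origin);
                String s = u.getScheme();
                if (u.getHost() != null && ("http".equalsIgnoreCase(s) || "https".equalsIgnoreCase(s))) {
                    return ALLOW_FROM + origin;
                }
            } catch (URISyntaxException e) {
                // fall through to the rejection below
            }
        }
        // Fail closed: an unrecognised setting is an error, not a missing header.
        throw new IllegalArgumentException("invalid " + CONFIG_KEY + ": '" + configured + "'");
    }

    // Adds the header to a response's header map (stand-in for the UI's response object).
    static void apply(Map<String, String> responseHeaders, String configured) {
        responseHeaders.put("X-Frame-Options", headerValue(configured));
    }

    public static void main(String[] args) {
        // Constructed sample settings, including two that must be rejected.
        String[] samples = {"deny", "SAMEORIGIN", "ALLOW-FROM https://ops.example.com",
                            "ALLOWALL", "ALLOW-FROM https://a.example\r\nSet-Cookie: x=1"};
        for (String s : samples) {
            Map<String, String> headers = new LinkedHashMap<>();
            try {
                apply(headers, s);
                System.out.println(headers);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage().replaceAll("[\\r\\n]", " "));
            }
        }
    }
}
```

Current browsers ignore the `ALLOW-FROM` form; where framing must be allowed for specific origins, the CSP `frame-ancestors` directive is the replacement.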