Because the defaults for some security-relevant HTTP response headers were insufficient, Exaoperation was vulnerable to clickjacking attacks.
If a user who is logged into Exaoperation interacted with a malicious website, that website could interact with Exaoperation using the user's credentials.
We recommend an immediate update to remedy the issue.
Additionally, we recommend logging into Exaoperation only when needed and logging out afterwards, or using a secondary browser profile that is used only to interact with Exaoperation.
The relevant default settings for HTTP response headers were strengthened to align with security best practices. Additionally, more defenses against XSS attacks were implemented.
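One way to confirm after the update that responses can no longer be framed by another origin, as an added example that is not the vendor's code. The advisory does not name the headers that were changed, so checking `X-Frame-Options` and the CSP `frame-ancestors` directive is an assumption based on the standard anti-clickjacking headers, and the sample responses are constructed.

```python
# Added example: does a set of HTTP response headers block cross-origin framing?
# Header choice is an assumption; the advisory does not name the changed headers.

def frame_ancestors(policy):
    """Return the frame-ancestors source list of one CSP policy, or None."""
    for directive in policy.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None

def is_open(sources):
    """True if the source list lets arbitrary origins frame the page."""
    return any(s == "*" or s in ("http:", "https:") for s in sources)

def framing_protection(headers):
    """headers: (name, value) pairs as received. Returns (protected, reason)."""
    csp, xfo = [], []
    for name, value in headers:
        lname = name.strip().lower()
        if lname == "content-security-policy":  # Report-Only is not enforced
            for policy in value.split(","):     # one header may hold several policies
                sources = frame_ancestors(policy)
                if sources is not None:
                    csp.append(sources)
        elif lname == "x-frame-options":
            xfo.append(value.strip().upper())
    if csp:
        # Browsers that honour frame-ancestors ignore X-Frame-Options, and
        # every policy is enforced, so one restrictive list is enough.
        if any(not is_open(s) for s in csp):
            return True, "CSP frame-ancestors restricts framing"
        return False, "CSP frame-ancestors allows any origin"
    if xfo:
        # ALLOW-FROM is obsolete and ignored by current browsers.
        if all(v in ("DENY", "SAMEORIGIN") for v in xfo):
            return True, "X-Frame-Options " + xfo[0]
        return False, "X-Frame-Options value not enforced: " + ", ".join(xfo)
    return False, "no anti-framing header present"

# Constructed sample responses (not captured from the product).
SAMPLES = {
    "no headers": [("Content-Type", "text/html")],
    "xfo only": [("X-Frame-Options", "sameorigin")],
    "obsolete xfo": [("X-Frame-Options", "ALLOW-FROM https://portal.example")],
    "csp wildcard overrides xfo": [
        ("Content-Security-Policy", "default-src 'self'; frame-ancestors *"),
        ("X-Frame-Options", "DENY")],
    "csp none": [("Content-Security-Policy", "frame-ancestors 'none'")],
}
```

Feed it the header pairs returned by the login and main pages of the updated installation; a `False` result on either means the page can still be embedded by another origin.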