cloudfoundry-identity-server is vulnerable to clickjacking attacks. It was discovered that it does not set the X-Frame-Options anti-framing response
header on various email endpoints, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions during account login.
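The following is an added example (not code from the cloudfoundry-identity-server project) showing how a defender can verify, from response headers alone, whether an endpoint is protected against framing; the sample responses and paths are constructed placeholders, since the advisory does not list the affected endpoints, and the check also covers the Content-Security-Policy frame-ancestors directive that modern browsers prefer over X-Frame-Options.

```python
"""Audit HTTP response headers for clickjacking (anti-framing) protection.

Added example for this advisory, not project code. Works offline on
constructed header dictionaries.
"""
from typing import Dict, Tuple


def framing_protection(headers: Dict[str, str]) -> Tuple[bool, str]:
    """Return (protected, reason) for one response's headers.

    Rules applied, matching browser behaviour:
      * A CSP frame-ancestors directive takes precedence over X-Frame-Options.
      * frame-ancestors 'none' (or an empty list) blocks all framing; any
        explicit source list other than '*' restricts framing to those origins.
      * X-Frame-Options DENY or SAMEORIGIN blocks cross-origin framing.
      * X-Frame-Options ALLOW-FROM is obsolete and ignored by modern browsers,
        so it is reported as unprotected.
    """
    h = {k.lower(): v for k, v in headers.items()}
    csp = h.get("content-security-policy", "")
    for directive in csp.split(";"):
        name, _, value = directive.strip().partition(" ")
        if name.lower() == "frame-ancestors":
            sources = value.split()
            if "*" in sources:
                return False, "CSP frame-ancestors allows any origin"
            shown = value.strip() or "'none'"
            return True, f"CSP frame-ancestors {shown}"
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return True, f"X-Frame-Options {xfo}"
    if xfo.startswith("ALLOW-FROM"):
        return False, "X-Frame-Options ALLOW-FROM is obsolete and ignored"
    if xfo:
        return False, f"unrecognised X-Frame-Options value {xfo!r}"
    return False, "no anti-framing header"


# Constructed sample responses; the paths are placeholders, not the real
# affected endpoints (the advisory does not name them).
SAMPLES = {
    "/email/PLACEHOLDER (unpatched)": {"Content-Type": "text/html"},
    "/email/PLACEHOLDER (X-Frame-Options)": {"X-Frame-Options": "DENY"},
    "/email/PLACEHOLDER (CSP)": {
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "/email/PLACEHOLDER (weak)": {"X-Frame-Options": "ALLOW-FROM https://example.test"},
}


def audit(samples: Dict[str, Dict[str, str]]) -> Dict[str, Tuple[bool, str]]:
    """Evaluate every sampled endpoint and return its verdict."""
    return {path: framing_protection(hdrs) for path, hdrs in samples.items()}


if __name__ == "__main__":
    for path, (ok, why) in audit(SAMPLES).items():
        print(f"{'OK  ' if ok else 'VULN'} {path}: {why}")
```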