transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths.