CVE-2006-6509

Name of the Vulnerable Software and Affected Versions SiteKiosk versions prior to 6.5.150

Description A cross-site scripting (XSS) issue exists in the skinning feature, allowing local users to bypass security protections and inject arbitrary web script or HTML via an ABOUT: URI, which is displayed in the title bar of the browser.

Recommendations For versions prior to 6.5.150, update to version 6.5.150 or later to resolve the issue. As a temporary workaround, consider restricting access to the skinning feature until a patch is available. Avoid using the ABOUT: URI in the title bar of the browser to minimize the risk of exploitation.