RSS   Vulnerabilities for 'Sitekiosk'   RSS

2006-12-13
 
CVE-2006-6510

CWE-Other
 

 
An unspecified ActiveX control in SiteKiosk before 6.5.150 is installed "safe for scripting", which allows local users to bypass security protections and read arbitrary files via certain functions.

 
 
CVE-2006-6509

CWE-Other
 

 
Cross-site scripting (XSS) vulnerability in the skinning feature in SiteKiosk before 6.5.150 allows local users to bypass security protections and inject arbitrary web script or HTML via an ABOUT: URI, which is displayed in the title bar of the browser.

 


Copyright 2024, cxsecurity.com

 

Back to Top