>From vendor: In order to access this vulnerabilty, the user has to intentional visit a page which has intentional created the malious exit javascript. The product has many security functions built in to prevent this occuring. The products setting screens allow the product to easily prevent this occuring, by setting the main URl to URL that does not allow access to out side web sites, additional site restrictions can be entered to ensure that a user cannot access anything but the desired pages or sites. The issue will be fixed in the next release of the product, but in the mean time is entirely preventable in any normal type of implementation of the product.
