Sonexis · Sonexis ConferenceManager · CVE-2011-3687
**Name of the Vulnerable Software and Affected Versions**
Sonexis ConferenceManager version 9.2.11.0
**Description**
The issue is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML. The injection is possible through several parameters in different ASP pages, including `txtConferenceID` in HostLogin.asp and ParticipantLogin.asp, `acp` in ForgotPIN.asp, and `Description`, `title`, or `Heading` in Error.asp.
**Recommendations**
For Sonexis ConferenceManager version 9.2.11.0, consider restricting access to the HostLogin.asp, ParticipantLogin.asp, ForgotPIN.asp, and Error.asp pages until a patch is available. As a temporary workaround, avoid using the `txtConferenceID`, `acp`, `Description`, `title`, and `Heading` parameters in requests to the affected pages.
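
While access is being restricted, web server logs can be reviewed for requests that put HTML markup into the listed parameters. The following is an added example, not code from the advisory or the vendor. The function names, the `METHOD target HTTP/x` line format, the directory-less paths and the sample lines are all assumptions made for illustration, and only query strings are inspected, not POST bodies.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Page -> parameters named in the advisory (compared case-insensitively).
AFFECTED = {
    "hostlogin.asp": {"txtconferenceid"},
    "participantlogin.asp": {"txtconferenceid"},
    "forgotpin.asp": {"acp"},
    "error.asp": {"description", "title", "heading"},
}
# Heuristic: characters that let a value break out into HTML markup.
MARKUP = set('<>"')

def flag_request(target):
    """Return (page, param) pairs whose decoded value contains markup characters."""
    parts = urlsplit(target)
    page = parts.path.rsplit("/", 1)[-1].lower()
    watched = AFFECTED.get(page)
    if not watched:
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded input.
        if name.lower() in watched and MARKUP & set(unquote(value)):
            hits.append((page, name))
    return hits

def scan(lines):
    """Return (line_number, page, param) for every suspicious request line."""
    findings = []
    for number, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 2:
            continue  # not a request line in the assumed format
        for page, param in flag_request(fields[1]):
            findings.append((number, page, param))
    return findings

# Constructed sample request lines (not taken from any real log).
SAMPLE = [
    "GET /HostLogin.asp?txtConferenceID=482913 HTTP/1.1",
    "GET /HostLogin.asp?txtConferenceID=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1",
    "GET /Error.asp?Heading=Oops&Description=%2522%253E HTTP/1.1",
    "GET /ForgotPIN.asp?acp=1 HTTP/1.1",
    "GET /Help.asp?title=%3Ci%3E HTTP/1.1",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The same page and parameter table can drive a reverse-proxy or WAF rule that rejects such requests instead of only reporting them.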