PT-2011-4576 · Sonexis · Sonexis Conferencemanager

Published: 2011-09-27 · Updated: 2012-05-21 · CVE-2011-3686

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Sonexis ConferenceManager versions 9.2.11.0 through 9.3.14.0

Description: Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via various parameters, including fname, lname, email edit, email, email2, email3, sms, sms id, or work.

Recommendations: For Sonexis ConferenceManager versions 9.2.11.0 and 9.3.14.0, update to a version that addresses these XSS vulnerabilities. As a temporary workaround, consider restricting input for the fname, lname, email edit, email, email2, email3, sms, sms id, and work parameters in the myAddressBook.asp file until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2011-3686

Affected products

Sonexis Conferencemanager