PT-2011-4576 · Sonexis · Sonexis Conferencemanager

Published: 2011-09-27 · Updated: 2012-05-21 · CVE-2011-3686

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Sonexis ConferenceManager versions 9.2.11.0 through 9.3.14.0

Description

The issue concerns multiple cross-site scripting (XSS) vulnerabilities. They allow remote attackers to inject arbitrary web script or HTML via various parameters, including fname, lname, email edit, email, email2, email3, sms, sms id, or work.

Recommendations

For Sonexis ConferenceManager versions 9.2.11.0 and 9.3.14.0, update to a version that addresses these XSS vulnerabilities. As a temporary workaround until a patch is available, consider restricting input for the fname, lname, email edit, email, email2, email3, sms, sms id, and work parameters in the myAddressBook.asp file.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2011-3686

Affected Products

Sonexis Conferencemanager