CVE-2011-3687

Name of the Vulnerable Software and Affected Versions Sonexis ConferenceManager version 9.2.11.0

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through several parameters in different ASP pages, including txtConferenceID in HostLogin.asp and ParticipantLogin.asp, acp in ForgotPIN.asp, and Description, title, or Heading in Error.asp.

Recommendations For Sonexis ConferenceManager version 9.2.11.0, consider restricting access to the HostLogin.asp, ParticipantLogin.asp, ForgotPIN.asp, and Error.asp pages until a patch is available. As a temporary workaround, avoid using the txtConferenceID, acp, Description, title, and Heading parameters in the affected API endpoints.