Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in myAddressBook.asp in Sonexis ConferenceManager 9.2.11.0 and 9.3.14.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, (3) email_edit, (4) email, (5) email2, (6) email3, (7) sms, (8) sms_id, or (9) work parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sonexis | Conferencemanager | 9.2.11.0 |
Related Weaknesses (CWE)
References
- http://www.solutionary.com/index/SERT/Vuln-Disclosures/Sonexis-XSS-VulnerabilitiExploit
- http://www.solutionary.com/index/SERT/Vuln-Disclosures/Sonexis-XSS-VulnerabilitiExploit
FAQ
What is CVE-2011-3686?
CVE-2011-3686 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in myAddressBook.asp in Sonexis ConferenceManager 9.2.11.0 and 9.3.14.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fn...
How severe is CVE-2011-3686?
CVE-2011-3686 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-3686?
Check the references section above for vendor advisories and patch information. Affected products include: Sonexis Conferencemanager.