Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:26088
HistoryApr 11, 2011 - 12:00 a.m.

Sonexis ConferenceManager Multiple Cross-site Scripting (XSS) Vulnerabilities

2011-04-1100:00:00
vulners.com
40
JSON

Vulnerability title: Sonexis ConferenceManager Multiple Cross-site Scripting (XSS) Vulnerabilities

Solutionary ID: SERT-VDN-1005

Solutionary disclosure URL: http://www.solutionary.com/index/SERT/Vuln-Disclosures/Sonexis-XSS-Vulnerabilities.html

CVE ID: Pending

CVSS risk rating: 3.9

Product: Sonexis ConferenceManager

Application Vendor: Sonexis

Vendor URL: http://www.sonexis.com/products/index.asp

Date discovered: 2011-01-25

Discovered by: Rob Kraus and Solutionary Engineering Research Team (SERT)

Vendor notification date: 2011-02-18

Vendor response date: 2011-03-02

Vendor acknowledgment: 2011-03-02

Public disclosure date: 2011-04-06

Type of vulnerability: Cross-Site Scripting (XSS) - Stored and Reflected

Exploit vectors: Local and Remote

Vulnerability description: The applications web interface contains multiple injection points, which allow for execution of Cross-site Scripting (XSS) attacks.
Arbitrary client side code such as JavaScript can be included into certain parameters throughout the web application. The following parameters and web pages have
been tested and verified; however, it is likely more views and parameters within the application are vulnerable:

Stored XSS myAddressBook.asp (fname, lname, email_edit, email, email2, email3, sms, sms_id, work) parameters

Reflected XSS (vulnerable on 9.2.11.0 but not on 9.3.14.0) HostLogin.asp (txtConferenceID) parameter ParticipantLogin.asp (txtConferenceID) parameter ForgotPIN.asp
(acp) parameter Error.asp (Description, title, Heading) parameters

Tested on: Windows Server 2003 RC2 (SP2) with Sonexis ConferenceManager versions 9.2.11.0 and 9.3.14.0.

Affected software versions: Sonexis ConferenceManager versions 9.2.11.0 (Reflected XSS) and 9.3.14.0 (Stored XSS) (previous versions may also be vulnerable)

Impact: Successful attacks could disclose sensitive information about the user, session, and application to the attacker, resulting in a loss of confidentiality.
Using XSS, an attacker could insert malicious code into a web page and entice naΠΏve users to execute the malicious code.
Fixed in: Reflected XSS vulnerabilities appear to have been fixed during our testing of version 9.3.14.0. Please consult the vendor for the specific patch
addressing the reflected XSS items discovered.

Remediation guidelines: Restrict access to internal network segments and monitor vendor notifications for application updates that may address and fix the issues
identified.

JSON