CVE-2011-3686

Sonexis ConferenceManager 9.2.11.0-9.3.14.0 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in myAddressBook.asp in Sonexis ConferenceManager 9.2.11.0 and 9.3.14.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, (3) email_edit, (4) email, (5) email2, (6) email3, (7) sms, (8) sms_id, or (9) work parameter.

References (1)

[Exploit] http://www.solutionary.com/index/SERT/Vuln-Disclosures/Sonexis-XSS-Vulnerabilities.html

Scores

EPSS 0.0032

EPSS Percentile 54.5%

Classification

CWE

CWE-79

Status published

Affected Products (3)

sonexis/conferencemanager

n/a/n/a

Timeline

Published Sep 27, 2011

Tracked Since Feb 18, 2026