Sonexis ConferenceManager Multiple Cross-site Scripting (XSS) Vulnerabilities

2011-10-01 / 2011-10-02

Credit: Sonexis

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2011-3687

CWE: CWE-79

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

Sonexis ConferenceManager Multiple Cross-site Scripting (XSS) Vulnerabilities
Solutionary ID: SERT-VDN-1005
CVE ID: CVE-2011-3686, CVE-2011-3687
Product: Sonexis ConferenceManager
Application Vendor: Sonexis
Vendor URL: http://www.sonexis.com/products/index.asp
Date discovered: 1/27/2011
Discovered by: Rob Kraus and Solutionary Engineering Research Team (SERT)
Vendor notification date: 2/18/2011
Vendor response date: 3/02/2011
Vendor acknowledgment date: 3/02/2011

Public disclosure date: 4/06/2011

Type of vulnerability: Cross Site Scripting (XSS) - Stored and Reflected

Exploit Vectors: Local and Remote

Vulnerability Description: The applications web interface contains multiple injection points, which allow for execution of Cross-site Scripting (XSS) attacks. Arbitrary client side code such as JavaScript can be included into certain parameters throughout the web application.  

The following parameters and web pages have been tested and verified; however, it is likely more views and parameters within the application are vulnerable:

Stored XSS

myAddressBook.asp (fname, lname, email_edit, email, email2, email3, sms, sms_id, work) parameters

Reflected XSS (vulnerable on 9.2.11.0 but not on 9.3.14.0)

HostLogin.asp (txtConferenceID) parameter ParticipantLogin.asp (txtConferenceID) parameter ForgotPIN.asp (acp) parameter Error.asp (Description, title, Heading) parameters

Tested on:Windows Server 2003 RC2 (SP2) with Sonexis ConferenceManager versions 9.2.11.0 and 9.3.14.0

Affected software versions:Sonexis ConferenceManager versions 9.2.11.0 (Reflected XSS) and 9.3.14.0 (Stored XSS) (previous versions may also be vulnerable)

Impact:Successful attacks could disclose sensitive information about the user, session, and application to the attacker, resulting in a loss of confidentiality. Using XSS, an attacker could insert malicious code into a web page and entice na&#239;ve users to execute the malicious code.

Fixed in:Reflected XSS vulnerabilities appear to have been fixed during our testing of version 9.3.14.0. Please consult the vendor for the specific patch addressing the reflected XSS items discovered. 

References:

http://www.solutionary.com/index/SERT/Vuln-Disclosures/Sonexis-XSS-Vulnerabilities.html

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Sonexis ConferenceManager Multiple Cross-site Scripting (XSS) Vulnerabilities

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.