[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Sonexis ConferenceManager Multiple Cross-site Scripting (XSS) Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Sonexis ConferenceManager Multiple Cross-site Scripting (XSS) Vulnerabilities
From: robkraus@xxxxxxxxxxxxxxx
Date: Wed, 6 Apr 2011 10:34:08 -0600

Vulnerability title:  Sonexis ConferenceManager Multiple Cross-site Scripting 
(XSS) Vulnerabilities
 
Solutionary ID: SERT-VDN-1005

Solutionary disclosure URL: 
http://www.solutionary.com/index/SERT/Vuln-Disclosures/Sonexis-XSS-Vulnerabilities.html
 
CVE ID: Pending
 
CVSS risk rating: 3.9
 
Product:  Sonexis ConferenceManager
 
Application Vendor: Sonexis
 
Vendor URL: http://www.sonexis.com/products/index.asp
 
Date discovered: 2011-01-25
 
Discovered by: Rob Kraus and Solutionary Engineering Research Team (SERT)
 
Vendor notification date: 2011-02-18
 
Vendor response date: 2011-03-02
 
Vendor acknowledgment: 2011-03-02
 
Public disclosure date: 2011-04-06
 
Type of vulnerability: Cross-Site Scripting (XSS) - Stored and Reflected

Exploit vectors: Local and Remote
 
Vulnerability description: The applications web interface contains multiple 
injection points, which allow for execution of Cross-site Scripting (XSS) 
attacks. Arbitrary client side code such as JavaScript can be included into 
certain parameters throughout the web application. The following parameters and 
web pages have been tested and verified; however, it is likely more views and 
parameters within the application are vulnerable: 

Stored XSS myAddressBook.asp (fname, lname, email_edit, email, email2, email3, 
sms, sms_id, work) parameters 

Reflected XSS (vulnerable on 9.2.11.0 but not on 9.3.14.0) HostLogin.asp 
(txtConferenceID) parameter ParticipantLogin.asp (txtConferenceID) parameter 
ForgotPIN.asp (acp) parameter Error.asp (Description, title, Heading) parameters
  
Tested on: Windows Server 2003 RC2 (SP2) with Sonexis ConferenceManager 
versions 9.2.11.0 and 9.3.14.0.
 
Affected software versions:  Sonexis ConferenceManager versions 9.2.11.0 
(Reflected XSS) and 9.3.14.0 (Stored XSS) (previous versions may also be 
vulnerable)
 
Impact: Successful attacks could disclose sensitive information about the user, 
session, and application to the attacker, resulting in a loss of 
confidentiality. Using XSS, an attacker could insert malicious code into a web 
page and entice naïve users to execute the malicious code. 
Fixed in: Reflected XSS vulnerabilities appear to have been fixed during our 
testing of version 9.3.14.0. Please consult the vendor for the specific patch 
addressing the reflected XSS items discovered.
 
Remediation guidelines: Restrict access to internal network segments and 
monitor vendor notifications for application updates that may address and fix 
the issues identified.

Prev by Date: [USN-1107-1] x11-xserver-utils vulnerability
Next by Date: [SECURITY] [DSA 2211-1] vlc security update
Previous by thread: [USN-1107-1] x11-xserver-utils vulnerability
Next by thread: [SECURITY] [DSA 2211-1] vlc security update
Index(es):
- Date
- Thread