Aggregates CVE and security vulnerability intelligence across all sonexis-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk cross-site scripting and vendor risk sql injection; exposure may include vendor impact session compromise and vendor impact data exposure in vendor surface software deployment contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2011-3688 | Multiple SQL injection vulnerabilities in Sonexis ConferenceManager 9.3.14.0 allow remote attackers to execute arbitrary SQL commands via (1) the g parameter to Conference/Audio/AudioResourceContainer.asp or (2) the txtConferenceID parameter to Login/HostLogin.asp. | [email protected] | 7.5 | 0.32% | 2011-09-27 | 2026-04-29 |
| CVE-2011-3687 | Multiple cross-site scripting (XSS) vulnerabilities in Sonexis ConferenceManager 9.2.11.0 allow remote attackers to inject arbitrary web script or HTML via (1) the txtConferenceID parameter to HostLogin.asp, (2) the txtConferenceID parameter to ParticipantLogin.asp, (3) the acp parameter to ForgotPIN.asp, or the (4) Description, (5) title, or (6) Heading parameter to Error.asp. | [email protected] | 4.3 | 0.32% | 2011-09-27 | 2026-04-29 |
| CVE-2011-3686 | Multiple cross-site scripting (XSS) vulnerabilities in myAddressBook.asp in Sonexis ConferenceManager 9.2.11.0 and 9.3.14.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, (3) email_edit, (4) email, (5) email2, (6) email3, (7) sms, (8) sms_id, or (9) work parameter. | [email protected] | 4.3 | 0.32% | 2011-09-27 | 2026-04-29 |