CVE-2011-3686 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in myAddressBook.asp in Sonexis ConferenceManager 9.2.11.0 and 9.3.14.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname (2) lname (3) email_edit (4) email (5) email2 (6) email3 (7) sms (8) sms_id or (9) work parameter.

Reference

http://www.solutionary.com/index/SERT/Vuln-Disclosures/Sonexis-XSS-Vulnerabilities.html