Comersus Backoffice Lite
CVEs (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2005-3397 | 0.03 | — | 0.01 | Nov 1, 2005 | Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp. NOTE: the comersus_backoffice_message.asp/message vector is already covered by CVE-2005-2191 item 2. | ||
| CVE-2005-0302 | 0.00 | — | 0.01 | May 2, 2005 | SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header. | ||
| CVE-2005-0301 | 0.00 | — | 0.01 | May 2, 2005 | comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the program. | ||
| CVE-2005-0303 | 0.00 | — | 0.00 | May 2, 2005 | Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_supportError.asp or (2) comersus_backofficelite_supportError.asp in BackOffice Lite 6.0 and 6.01 allow remote attackers to inject arbitrary web script or HTML via the error parameter. |
- CVE-2005-3397Nov 1, 2005risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp. NOTE: the comersus_backoffice_message.asp/message vector is already covered by CVE-2005-2191 item 2.
- CVE-2005-0302May 2, 2005risk 0.00cvss —epss 0.01
SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header.
- CVE-2005-0301May 2, 2005risk 0.00cvss —epss 0.01
comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the program.
- CVE-2005-0303May 2, 2005risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_supportError.asp or (2) comersus_backofficelite_supportError.asp in BackOffice Lite 6.0 and 6.01 allow remote attackers to inject arbitrary web script or HTML via the error parameter.