Comersus Open Technologies » Comersus Backoffice Plus : Security Vulnerabilities, CVEs,
Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp. NOTE: the comersus_backoffice_message.asp/message vector is already covered by CVE-2005-2191 item 2.
Max CVSS
4.3
EPSS Score
0.10%
Published
2005-11-01
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in comersus_backoffice_searchItemForm.asp in Comersus BackOffice Plus allows remote attackers to inject arbitrary web script or HTML via the (1) forwardTo1, (2) forwardTo2, (3) nameFT1, or (4) nameFT2 parameters.
Max CVSS
4.3
EPSS Score
0.23%
Published
2005-10-23
Updated
2008-09-05
2 vulnerabilities found