CVE Vulnerabilities

CVE-2005-3397

Published: Nov 01, 2005 | Modified: Sep 05, 2008
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp. NOTE: the comersus_backoffice_message.asp/message vector is already covered by CVE-2005-2191 item 2.

Affected Software

Name Vendor Start Version End Version
Comersus_backoffice_lite Comersus_open_technologies * *
Comersus_backoffice_lite Comersus_open_technologies 4.2 4.2
Comersus_backoffice_lite Comersus_open_technologies 4.5 4.5
Comersus_backoffice_lite Comersus_open_technologies 4.10 4.10
Comersus_backoffice_lite Comersus_open_technologies 4.11 4.11
Comersus_backoffice_lite Comersus_open_technologies 4.30 4.30
Comersus_backoffice_lite Comersus_open_technologies 4.32 4.32
Comersus_backoffice_lite Comersus_open_technologies 5.0 5.0
Comersus_backoffice_lite Comersus_open_technologies 5.0.9 5.0.9
Comersus_backoffice_lite Comersus_open_technologies 6.0 6.0
Comersus_backoffice_lite Comersus_open_technologies 6.0.1 6.0.1
Comersus_backoffice_plus Comersus_open_technologies * *
Comersus_backoffice_plus Comersus_open_technologies 4.2 4.2
Comersus_backoffice_plus Comersus_open_technologies 4.5 4.5
Comersus_backoffice_plus Comersus_open_technologies 4.10 4.10
Comersus_backoffice_plus Comersus_open_technologies 4.11 4.11
Comersus_backoffice_plus Comersus_open_technologies 4.30 4.30
Comersus_backoffice_plus Comersus_open_technologies 4.32 4.32
Comersus_backoffice_plus Comersus_open_technologies 5.0 5.0
Comersus_backoffice_plus Comersus_open_technologies 5.0.9 5.0.9
Comersus_backoffice_plus Comersus_open_technologies 6.0 6.0
Comersus_backoffice_plus Comersus_open_technologies 6.0.1 6.0.1

References