Comersus Open Technologies Comersus Backoffice Lite vulnerabilities
4 known vulnerabilities affecting comersus_open_technologies/comersus_backoffice_lite.
Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2005-0301P3HIGHCVSS 7.5v6.0v6.12005-05-02
CVE-2005-0301 [HIGH] CVE-2005-0301: comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass
comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the program.
nvd
CVE-2005-3397P4MEDIUMCVSS 4.3PoCv4.2v4.5+8 more2005-11-01
CVE-2005-3397 [MEDIUM] CVE-2005-3397: Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject ar
Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp. NOTE: the comersus_backoffice_message.asp/message vector is already covered by CVE-2005-2191 item 2.
nvd
CVE-2005-0302P4HIGHCVSS 7.5v6.0v6.12005-05-02
CVE-2005-0302 [HIGH] CVE-2005-0302: SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers t
SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header.
nvd
CVE-2005-0303P4MEDIUMCVSS 4.3v6.0v6.12005-05-02
CVE-2005-0303 [MEDIUM] CVE-2005-0303: Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_supportError.asp or (2) comersus
Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_supportError.asp or (2) comersus_backofficelite_supportError.asp in BackOffice Lite 6.0 and 6.01 allow remote attackers to inject arbitrary web script or HTML via the error parameter.
nvd