Vulnerabilities > CVE-2005-3397 - Input Validation And Information Disclosure vulnerability in Comersus BackOffice

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
comersus-open-technologies
exploit available
NVD
Published: 2005-11-01
Updated: 2008-09-05

Summary

Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp. NOTE: the comersus_backoffice_message.asp/message vector is already covered by CVE-2005-2191 item 2.

Vulnerable Configurations

Part Description Count
Application
Comersus_Open_Technologies
22

Exploit-Db

descriptionComersus BackOffice 4.x/5.0/6.0 comersus_backoffice_supportError.asp error Parameter XSS. CVE-2005-3397. Webapps exploit for asp platform
idEDB-ID:26444
last seen2016-02-03
modified2005-10-31
published2005-10-31
reporter_6mO_HaCk
sourcehttps://www.exploit-db.com/download/26444/
titleComersus BackOffice 4.x/5.0/6.0 comersus_backoffice_supportError.asp error Parameter XSS

References