Vulnerabilities > Comersus Open Technologies > Comersus Backoffice Lite
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-11-01 | CVE-2005-3397 | Input Validation And Information Disclosure vulnerability in Comersus BackOffice Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp. network comersus-open-technologies | 4.3 |
| 2005-05-02 | CVE-2005-0303 | Cross-Site Scripting vulnerability in Comersus Open Technologies Comersus Backoffice Lite 6.0/6.1 Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_supportError.asp or (2) comersus_backofficelite_supportError.asp in BackOffice Lite 6.0 and 6.01 allow remote attackers to inject arbitrary web script or HTML via the error parameter. network comersus-open-technologies | 4.3 |
| 2005-05-02 | CVE-2005-0302 | SQL-Injection vulnerability in Comersus Open Technologies Comersus Backoffice Lite 6.0/6.1 SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header. | 7.5 |
| 2005-05-02 | CVE-2005-0301 | Security Bypass vulnerability in Comersus Open Technologies Comersus Backoffice Lite 6.0/6.1 comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the program. | 7.5 |