Vulnerabilities > Comersus Open Technologies > Comersus Backoffice Lite

DATE CVE VULNERABILITY TITLE RISK
2005-11-01 CVE-2005-3397 Input Validation And Information Disclosure vulnerability in Comersus BackOffice
Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp.
4.3
2005-05-02 CVE-2005-0303 Cross-Site Scripting vulnerability in Comersus Open Technologies Comersus Backoffice Lite 6.0/6.1
Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_supportError.asp or (2) comersus_backofficelite_supportError.asp in BackOffice Lite 6.0 and 6.01 allow remote attackers to inject arbitrary web script or HTML via the error parameter.
4.3
2005-05-02 CVE-2005-0302 SQL-Injection vulnerability in Comersus Open Technologies Comersus Backoffice Lite 6.0/6.1
SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header.
network
low complexity
comersus-open-technologies
7.5
2005-05-02 CVE-2005-0301 Security Bypass vulnerability in Comersus Open Technologies Comersus Backoffice Lite 6.0/6.1
comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the program.
network
low complexity
comersus-open-technologies
7.5