Vulnerabilities > Comersus Open Technologies > Comersus Backoffice Lite > 6.0

DATE	CVE	VULNERABILITY TITLE	RISK
2005-11-01	CVE-2005-3397	Input Validation And Information Disclosure vulnerability in Comersus BackOffice Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp. network comersus-open-technologies	4.3
2005-05-02	CVE-2005-0303	Cross-Site Scripting vulnerability in Comersus Open Technologies Comersus Backoffice Lite 6.0/6.1 Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_supportError.asp or (2) comersus_backofficelite_supportError.asp in BackOffice Lite 6.0 and 6.01 allow remote attackers to inject arbitrary web script or HTML via the error parameter. network comersus-open-technologies	4.3
2005-05-02	CVE-2005-0302	SQL-Injection vulnerability in Comersus Open Technologies Comersus Backoffice Lite 6.0/6.1 SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header. network low complexity comersus-open-technologies	7.5
2005-05-02	CVE-2005-0301	Security Bypass vulnerability in Comersus Open Technologies Comersus Backoffice Lite 6.0/6.1 comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the program. network low complexity comersus-open-technologies	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.