Vulnerabilities > Comersus Open Technologies > Comersus Backoffice Plus > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2005-11-01	CVE-2005-3397	Input Validation And Information Disclosure vulnerability in Comersus BackOffice Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp. network comersus-open-technologies	4.3
2005-10-23	CVE-2005-3285	Cross-Site Scripting vulnerability in Comersus BackOffice Plus Cross-site scripting (XSS) vulnerability in comersus_backoffice_searchItemForm.asp in Comersus BackOffice Plus allows remote attackers to inject arbitrary web script or HTML via the (1) forwardTo1, (2) forwardTo2, (3) nameFT1, or (4) nameFT2 parameters. network comersus-open-technologies	4.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.