CVE-2005-3285

Comersus Open Technologies Comersus Backoffice Plus - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in comersus_backoffice_searchItemForm.asp in Comersus BackOffice Plus allows remote attackers to inject arbitrary web script or HTML via the (1) forwardTo1, (2) forwardTo2, (3) nameFT1, or (4) nameFT2 parameters.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Lostmon · textwebappsasp

https://www.exploit-db.com/exploits/26351

View Code ZIP pw:eip

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/20032

Exploit, Vendor Advisory x_refsource_misc

http://lostmon.blogspot.com/2005/10/comersus-backoffice-plus-cross-site.html

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/15118

Exploit, Vendor Advisory vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1015064

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/17219

Scores

EPSS 0.0073

EPSS Percentile 72.7%

Details

Status published

Products (1)

comersus_open_technologies/comersus_backoffice_plus

Published Oct 23, 2005

Tracked Since Feb 18, 2026