CVE-2005-3397

Comersus BackOffice - Cross-Site Scripting via Support Error Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3397. PoCs published by _6mO_HaCk.

AI-analyzed exploit summary: The provided text describes multiple vulnerabilities in Comersus BackOfficePlus and BackOfficeLite, including SQL injection, information disclosure, and cross-site scripting (XSS). It includes an example XSS payload but lacks executable exploit code.

Description

Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp. NOTE: the comersus_backoffice_message.asp/message vector is already covered by CVE-2005-2191 item 2.

Exploits (1)

exploitdb WRITEUP VERIFIED
by _6mO_HaCk · text · webapps · asp
https://www.exploit-db.com/exploits/26444


Classification: Writeup 90%
Attack Type: XSS | SQLi | Info Leak
Complexity: Trivial
Reliability: Theoretical
Target: Comersus BackOfficePlus and BackOfficeLite
No auth needed
Prerequisites: Access to the target application
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15251

Scores

EPSS 0.0139
EPSS Percentile 68.9%

Details

Status published
Products (22)
comersus_open_technologies/comersus_backoffice_lite
comersus_open_technologies/comersus_backoffice_lite 4.2
comersus_open_technologies/comersus_backoffice_lite 4.5
comersus_open_technologies/comersus_backoffice_lite 4.10
comersus_open_technologies/comersus_backoffice_lite 4.11
comersus_open_technologies/comersus_backoffice_lite 4.30
comersus_open_technologies/comersus_backoffice_lite 4.32
comersus_open_technologies/comersus_backoffice_lite 5.0
comersus_open_technologies/comersus_backoffice_lite 5.0.9
comersus_open_technologies/comersus_backoffice_lite 6.0
... and 12 more
Published Nov 01, 2005
Tracked Since Feb 18, 2026