Description
Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp. NOTE: the comersus_backoffice_message.asp/message vector is already covered by CVE-2005-2191 item 2.
Exploits (1)
References (1)
Core 1
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15251
Scores
EPSS
0.0056
EPSS Percentile
68.3%
Details
Status
published
Products (22)
comersus_open_technologies/comersus_backoffice_lite
comersus_open_technologies/comersus_backoffice_lite
4.2
comersus_open_technologies/comersus_backoffice_lite
4.5
comersus_open_technologies/comersus_backoffice_lite
4.10
comersus_open_technologies/comersus_backoffice_lite
4.11
comersus_open_technologies/comersus_backoffice_lite
4.30
comersus_open_technologies/comersus_backoffice_lite
4.32
comersus_open_technologies/comersus_backoffice_lite
5.0
comersus_open_technologies/comersus_backoffice_lite
5.0.9
comersus_open_technologies/comersus_backoffice_lite
6.0
... and 12 more
Published
Nov 01, 2005
Tracked Since
Feb 18, 2026