Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote malicious users to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp. NOTE: the comersus_backoffice_message.asp/message vector is already covered by CVE-2005-2191 item 2.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
comersus open technologies comersus backoffice lite 4.30 |
||
comersus open technologies comersus backoffice lite 4.5 |
||
comersus open technologies comersus backoffice plus |
||
comersus open technologies comersus backoffice plus 4.11 |
||
comersus open technologies comersus backoffice plus 4.30 |
||
comersus open technologies comersus backoffice plus 6.0 |
||
comersus open technologies comersus backoffice lite 4.2 |
||
comersus open technologies comersus backoffice lite 4.32 |
||
comersus open technologies comersus backoffice plus 4.10 |
||
comersus open technologies comersus backoffice plus 4.2 |
||
comersus open technologies comersus backoffice plus 6.0.1 |
||
comersus open technologies comersus backoffice lite |
||
comersus open technologies comersus backoffice lite 4.10 |
||
comersus open technologies comersus backoffice lite 4.11 |
||
comersus open technologies comersus backoffice plus 4.32 |
||
comersus open technologies comersus backoffice plus 4.5 |
||
comersus open technologies comersus backoffice plus 5.0 |
||
comersus open technologies comersus backoffice plus 5.0.9 |
||
comersus open technologies comersus backoffice lite 5.0 |
||
comersus open technologies comersus backoffice lite 5.0.9 |
||
comersus open technologies comersus backoffice lite 6.0 |
||
comersus open technologies comersus backoffice lite 6.0.1 |