Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2005-3397

Опубликовано: 01 нояб. 2005
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp. NOTE: the comersus_backoffice_message.asp/message vector is already covered by CVE-2005-2191 item 2.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:*:*:*:*:*:*:*:*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.2:*:*:*:*:*:*:*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.5:*:*:*:*:*:*:*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.10:*:*:*:*:*:*:*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.11:*:*:*:*:*:*:*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.30:*:*:*:*:*:*:*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.32:*:*:*:*:*:*:*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:5.0:*:*:*:*:*:*:*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:6.0:*:*:*:*:*:*:*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:4.2:*:*:*:*:*:*:*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:4.5:*:*:*:*:*:*:*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:4.10:*:*:*:*:*:*:*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:4.11:*:*:*:*:*:*:*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:4.30:*:*:*:*:*:*:*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:4.32:*:*:*:*:*:*:*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:5.0:*:*:*:*:*:*:*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:6.0:*:*:*:*:*:*:*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:6.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 67%
0.00558
Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

github логотип

GHSA-3gpq-hwqc-v65w

github
больше 3 лет назад

Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp. NOTE: the comersus_backoffice_message.asp/message vector is already covered by CVE-2005-2191 item 2.

EPSS

Процентиль: 67%
0.00558
Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other