Lucene search

MitreCVE-2005-3397

HistoryNov 01, 2005 - 12:47 p.m.

CVE-2005-3397

2005-11-0112:47:00

mitre

web.nvd.nist.gov

cve-2005-3397

cross-site scripting

xss

comersus backoffice

security vulnerability

remote attack

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

68.9%

JSON

Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp. NOTE: the comersus_backoffice_message.asp/message vector is already covered by CVE-2005-2191 item 2.

Affected configurations

Nvd

Node

comersus_open_technologiescomersus_backoffice_lite

comersus_open_technologiescomersus_backoffice_liteMatch4.2

comersus_open_technologiescomersus_backoffice_liteMatch4.5

comersus_open_technologiescomersus_backoffice_liteMatch4.10

comersus_open_technologiescomersus_backoffice_liteMatch4.11

comersus_open_technologiescomersus_backoffice_liteMatch4.30

comersus_open_technologiescomersus_backoffice_liteMatch4.32

comersus_open_technologiescomersus_backoffice_liteMatch5.0

comersus_open_technologiescomersus_backoffice_liteMatch5.0.9

comersus_open_technologiescomersus_backoffice_liteMatch6.0

comersus_open_technologiescomersus_backoffice_liteMatch6.0.1

comersus_open_technologiescomersus_backoffice_plus

comersus_open_technologiescomersus_backoffice_plusMatch4.2

comersus_open_technologiescomersus_backoffice_plusMatch4.5

comersus_open_technologiescomersus_backoffice_plusMatch4.10

comersus_open_technologiescomersus_backoffice_plusMatch4.11

comersus_open_technologiescomersus_backoffice_plusMatch4.30

comersus_open_technologiescomersus_backoffice_plusMatch4.32

comersus_open_technologiescomersus_backoffice_plusMatch5.0

comersus_open_technologiescomersus_backoffice_plusMatch5.0.9

comersus_open_technologiescomersus_backoffice_plusMatch6.0

comersus_open_technologiescomersus_backoffice_plusMatch6.0.1

VendorProductVersionCPE
comersus_open_technologiescomersus_backoffice_lite*cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:*:*:*:*:*:*:*:*
comersus_open_technologiescomersus_backoffice_lite4.2cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.2:*:*:*:*:*:*:*
comersus_open_technologiescomersus_backoffice_lite4.5cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.5:*:*:*:*:*:*:*
comersus_open_technologiescomersus_backoffice_lite4.10cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.10:*:*:*:*:*:*:*
comersus_open_technologiescomersus_backoffice_lite4.11cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.11:*:*:*:*:*:*:*
comersus_open_technologiescomersus_backoffice_lite4.30cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.30:*:*:*:*:*:*:*
comersus_open_technologiescomersus_backoffice_lite4.32cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.32:*:*:*:*:*:*:*
comersus_open_technologiescomersus_backoffice_lite5.0cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:5.0:*:*:*:*:*:*:*
comersus_open_technologiescomersus_backoffice_lite5.0.9cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:5.0.9:*:*:*:*:*:*:*
comersus_open_technologiescomersus_backoffice_lite6.0cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
comersus_open_technologies	comersus_backoffice_lite	*	cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite::::::::
comersus_open_technologies	comersus_backoffice_lite	4.2	cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.2:::::::*
comersus_open_technologies	comersus_backoffice_lite	4.5	cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.5:::::::*
comersus_open_technologies	comersus_backoffice_lite	4.10	cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.10:::::::*
comersus_open_technologies	comersus_backoffice_lite	4.11	cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.11:::::::*
comersus_open_technologies	comersus_backoffice_lite	4.30	cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.30:::::::*
comersus_open_technologies	comersus_backoffice_lite	4.32	cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.32:::::::*
comersus_open_technologies	comersus_backoffice_lite	5.0	cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:5.0:::::::*
comersus_open_technologies	comersus_backoffice_lite	5.0.9	cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:5.0.9:::::::*
comersus_open_technologies	comersus_backoffice_lite	6.0	cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:6.0:::::::*

Rows per page:

1-10 of 221

References

www.securityfocus.com/bid/15251

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

68.9%

JSON

Related for CVE-2005-3397