comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the program.
7.1AI Score
0.007EPSS
SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header.
8.8AI Score
0.002EPSS
Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_supportError.asp or (2) comersus_backofficelite_supportError.asp in BackOffice Lite 6.0 and 6.01 allow remote attackers to inject arbitrary web script or HTML via the error parameter.
6AI Score
0.003EPSS
Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp. NOTE: the comersus_backoffice_message.asp/message vector is already covered by CVE-2005-2191 item 2.
5.7AI Score
0.003EPSS