NVD脆弱性詳細

CVE-2005-3397

概要	Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp. NOTE: the comersus_backoffice_message.asp/message vector is already covered by CVE-2005-2191 item 2.
公表日	2005年11月1日21:47
登録日	2021年1月29日17:59
最終更新日	2008年9月6日5:54

CVSS2.0 : MEDIUM
スコア	4.3
ベクター	AV:N/AC:M/Au:N/C:N/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	なし
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite::::::::
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.2:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.5:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.10:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.11:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.30:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.32:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:5.0:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:5.0.9:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:6.0:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:6.0.1:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus::::::::
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:4.2:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:4.5:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:4.10:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:4.11:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:4.30:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:4.32:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:5.0:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:5.0.9:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:6.0:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:6.0.1:::::::*

構成1	以上	以下	より上	未満
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite::::::::
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.2:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.5:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.10:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.11:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.30:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:4.32:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:5.0:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:5.0.9:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:6.0:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_lite:6.0.1:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus::::::::
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:4.2:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:4.5:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:4.10:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:4.11:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:4.30:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:4.32:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:5.0:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:5.0.9:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:6.0:::::::*
cpe:2.3:a:comersus_open_technologies:comersus_backoffice_plus:6.0.1:::::::*