Vendor: BackOfficePlus, BackOfficeLite
CVSS: 7.5 (HIGH)
Input Validation and Information Disclosure
CWE: 89, 200, 352
Product Name: BackOfficePlus, BackOfficeLite
Patch Exists: NO

Comersus BackOfficePlus and BackOfficeLite Input Validation and Information Disclosure Vulnerabilities

The applications are prone to SQL injection attacks, information disclosure, and multiple cross-site scripting attacks. An attacker can exploit these vulnerabilities to retrieve sensitive and privileged information, gain access to the application as an administrative user, and perform cross-site scripting attacks to retrieve cookie-based authentication credentials from victim users; other attacks are also possible.

Mitigation:

Implement proper input validation and sanitization to prevent SQL injection and cross-site scripting attacks. Regularly update the software to the latest version to address any known vulnerabilities.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15251/info

Comersus BackOfficePlus and BackOfficeLite are prone to multiple input validation and information disclosure vulnerabilities.

The applications are prone to SQL injection attacks, information disclosure and multiple cross-site scripting attacks.

An attacker can exploit these vulnerabilities to retrieve sensitive and privileged information, gain access to the application as an administrative user and perform cross-site scripting attacks to retrieve cookie-based authentication credentials from victim users; other attacks are also possible. 

http://www.example.com/comersus/backofficePlus/comersus_backoffice_supportError.asp?error=<script>alert('vul');</script>
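
With no patch listed, requests of the kind shown above can be spotted in the web server's access log. The following is an added example, not part of the original advisory: it assumes IIS-style W3C extended logs with cs-uri-stem and cs-uri-query fields, the sample lines are constructed, and the function names are illustrative.

```python
from urllib.parse import unquote_plus

# Page named in the advisory's proof-of-concept URL; compared in lower case.
TARGET_PAGE = "comersus_backoffice_supporterror.asp"

# Constructed sample in W3C extended log format (addresses and times are made up).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2005-11-01 10:00:01 192.0.2.10 GET /comersus/backofficePlus/comersus_backoffice_supportError.asp error=<script>alert('vul');</script> 200
2005-11-01 10:00:05 192.0.2.11 GET /comersus/backofficePlus/comersus_backoffice_supportError.asp error=%253Cscript%253Ealert('vul');%253C/script%253E 200
2005-11-01 10:00:09 192.0.2.12 GET /comersus/backofficePlus/comersus_backoffice_supportError.asp error=Invalid+order+number 200
""".splitlines()

def decode_fully(value, rounds=3):
    """URL-decode repeatedly so double-encoded input (%253C) is also seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_error_param(uri_stem, uri_query):
    """Return the decoded 'error' value if it carries markup, else None."""
    if not uri_stem.lower().endswith("/" + TARGET_PAGE):
        return None
    for pair in uri_query.split("&"):
        name, _, raw = pair.partition("=")
        if decode_fully(name).lower() == "error":  # ASP parameter names are case-insensitive
            value = decode_fully(raw)
            if "<" in value or ">" in value:  # no place in a plain-text message
                return value
    return None

def scan_log(lines):
    """Return (client_ip, decoded_value) for each flagged request in the log."""
    fields, hits = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order comes from the log itself
        elif fields and line.strip() and not line.startswith("#"):
            row = dict(zip(fields, line.split()))
            value = suspicious_error_param(row.get("cs-uri-stem", ""), row.get("cs-uri-query", ""))
            if value is not None:
                hits.append((row.get("c-ip", "-"), value))
    return hits

if __name__ == "__main__":
    print(*scan_log(SAMPLE_LOG), sep="\n")
```

The same angle-bracket test can serve as a request-filter rule in front of the application until the page itself encodes the parameter on output.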