2 matches found
CVE-2015-2210
Epicor CRS Retail Store contains a local code execution flaw in the Help window (v3.2.03.01.008). By injecting JavaScript into the Help window source, an attacker can create a button that spawns a command shell, via an ActiveX payload, allowing a local user to run arbitrary commands. Affected com...
Epicor Retail Store Help System 3.2.03.01.008 Code Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Title: Code Injection in Epicor Retail Store Help System CVE: CVE-2015-2210 Vendor: Epicor Product: CRS Retail Store v3.2.03.01.008 Affected version: 3.2.03.01.008 Reported by: Zeng Xianbo Joseph [email protected] Issue identified by: Zeng...