CVE-2015-2210

The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command shell.
Configurations

Configuration 1 (hide)

cpe:2.3:a:epicor:crs_retail_store:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-09-06 21:29

Updated : 2024-02-28 16:04


NVD link : CVE-2015-2210

Mitre link : CVE-2015-2210

CVE.ORG link : CVE-2015-2210


JSON object : View

Products Affected

epicor

  • crs_retail_store
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')