Epicor : Security Vulnerabilities, CVEs,

CVE-2015-2210

The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command shell.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-09-06
Updated
2018-10-09

CVE-2014-4313

SQL injection vulnerability in Epicor Procurement before 7.4 SP2 allows remote attackers to execute arbitrary SQL commands via the User field.
Max CVSS
7.5
EPSS Score
0.14%
Published
2014-10-10
Updated
2017-08-29

CVE-2014-4312

Multiple cross-site scripting (XSS) vulnerabilities in Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allow remote attackers to inject arbitrary web script or HTML via the (1) Notes section to Order details; (2) Description section to "Order to consume"; (3) Favorites name section to Favorites; (4) FiltKeyword parameter to Procurement/EKPHTML/search_item_bt.asp; (5) Act parameter to Procurement/EKPHTML/EnterpriseManager/Budget/ImportBudget_fr.asp; (6) hdnOpener or (7) hdnApproverFieldName parameter to Procurement/EKPHTML/EnterpriseManager/UserSearchDlg.asp; or (8) INTEGRATED parameter to Procurement/EKPHTML/EnterpriseManager/Codes.asp.
Max CVSS
4.3
EPSS Score
0.30%
Published
2014-10-10
Updated
2017-08-29

CVE-2014-4311

Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection and email settings page.
Max CVSS
5.0
EPSS Score
0.26%
Published
2014-11-04
Updated
2014-11-05
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close