Vulnerabilities > Epicor
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-06 | CVE-2015-2210 | Command Injection vulnerability in Epicor CRS Retail Store The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command shell. | 7.2 |
| 2014-11-04 | CVE-2014-4311 | Information Exposure vulnerability in Epicor Enterprise Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection and email settings page. | 5.0 |
| 2014-10-10 | CVE-2014-4313 | SQL Injection vulnerability in Epicor Procurement SQL injection vulnerability in Epicor Procurement before 7.4 SP2 allows remote attackers to execute arbitrary SQL commands via the User field. | 7.5 |
| 2014-10-10 | CVE-2014-4312 | Cross-Site Scripting vulnerability in Epicor Enterprise Multiple cross-site scripting (XSS) vulnerabilities in Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allow remote attackers to inject arbitrary web script or HTML via the (1) Notes section to Order details; (2) Description section to "Order to consume"; (3) Favorites name section to Favorites; (4) FiltKeyword parameter to Procurement/EKPHTML/search_item_bt.asp; (5) Act parameter to Procurement/EKPHTML/EnterpriseManager/Budget/ImportBudget_fr.asp; (6) hdnOpener or (7) hdnApproverFieldName parameter to Procurement/EKPHTML/EnterpriseManager/UserSearchDlg.asp; or (8) INTEGRATED parameter to Procurement/EKPHTML/EnterpriseManager/Codes.asp. | 4.3 |