CVE-2015-2210

NONE EPSS 45.7%
Published Sep 6, 20178y ago · Modified Jun 17, 20262w ago
Find Similar
Published Sep 6, 2017 8y ago
Last Modified Jun 17, 2026 2w ago

Description

The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command shell.

Threat Intelligence

EPSS Exploit Probability
45.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-77 Command Injection Injection

Affected Products 1

VendorProductVersionRange
epicorcrs_retail_store* ≤3.2.03.01.008

References 2

  • packetstormsecurity.com http://packetstormsecurity.com/files/131732/Epicor-Retail-Store-Help-System-3.2.03.01.008-Code-Execution.html
    MitigationThird Party AdvisoryVDB Entry
  • securityfocus.com http://www.securityfocus.com/archive/1/535423/100/1000/threaded

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.