CVE-2015-2210
NONE EPSS 45.7%
Published Sep 6, 20178y ago · Modified Jun 17, 20262w ago
Published Sep 6, 2017 8y ago
Last Modified Jun 17, 2026 2w ago
Description
The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command shell.
Threat Intelligence
EPSS Exploit Probability
45.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-77 Command Injection Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| epicor | crs_retail_store | * | ≤3.2.03.01.008 |
References 2
- packetstormsecurity.com http://packetstormsecurity.com/files/131732/Epicor-Retail-Store-Help-System-3.2.03.01.008-Code-Execution.html
- securityfocus.com http://www.securityfocus.com/archive/1/535423/100/1000/threaded
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.