CyberSec.Space Logo
Back to CVE Browser

CVE-2015-2210

HIGH
7.8
CVSS Severity Score
EPSS Score0.1910%
EPSS Percentile9.77th
PublishedSep 6, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command shell.

Affected Platforms (CPE)

πŸ“¦
Epicor

Crs Retail Store

<= 3.2.03.01.008

References & Advisories

πŸ”— http://packetstormsecurity.com/files/131732/Epicor-Retail-Store-Help-System-3.2.03.01.008-Code-Execution.html
πŸ”— http://www.securityfocus.com/archive/1/535423/100/1000/threaded
πŸ”— http://packetstormsecurity.com/files/131732/Epicor-Retail-Store-Help-System-3.2.03.01.008-Code-Execution.html
πŸ”— http://www.securityfocus.com/archive/1/535423/100/1000/threaded

Related Vulnerabilities

CVE-2015-033310.0

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux ...

CVE-2015-034110.0

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X a...

CVE-2015-304810.0

Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to ex...

CVE-2015-033510.0

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux ...