CyberSec.Space Logo
返回 CVE 浏览器

CVE-2015-2210

HIGH
7.8
CVSS Severity Score
EPSS Score0.1910%
EPSS Percentile9.77th
Published2017年9月6日
Last Modified2026年5月13日

Vulnerability Description

The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command shell.

Affected Platforms (CPE)

📦
Epicor

Crs Retail Store

<= 3.2.03.01.008

References & Advisories

🔗 http://packetstormsecurity.com/files/131732/Epicor-Retail-Store-Help-System-3.2.03.01.008-Code-Execution.html
🔗 http://www.securityfocus.com/archive/1/535423/100/1000/threaded
🔗 http://packetstormsecurity.com/files/131732/Epicor-Retail-Store-Help-System-3.2.03.01.008-Code-Execution.html
🔗 http://www.securityfocus.com/archive/1/535423/100/1000/threaded

相关漏洞威胁

CVE-2015-033310.0

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux ...

CVE-2015-034110.0

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X a...

CVE-2015-304810.0

Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to ex...

CVE-2015-033510.0

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux ...