Arbitrary Code Execution via Help Window Injection in Epicor CRS Retail Store

Arbitrary Code Execution via Help Window Injection in Epicor CRS Retail Store

CVE-2015-2210 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command shell.

Learn more about our User Device Pen Test.