Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2014-4312

Published: 10/10/2014 Updated: 29/08/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allow remote malicious users to inject arbitrary web script or HTML via the (1) Notes section to Order details; (2) Description section to "Order to consume"; (3) Favorites name section to Favorites; (4) FiltKeyword parameter to Procurement/EKPHTML/search_item_bt.asp; (5) Act parameter to Procurement/EKPHTML/EnterpriseManager/Budget/ImportBudget_fr.asp; (6) hdnOpener or (7) hdnApproverFieldName parameter to Procurement/EKPHTML/EnterpriseManager/UserSearchDlg.asp; or (8) INTEGRATED parameter to Procurement/EKPHTML/EnterpriseManager/Codes.asp.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

epicor epicor enterprise

Exploits

Exploit DB: Epicor Enterprise 7.4 - Multiple Vulnerabilities
"Epicor Enterprise vulnerabilities" - Affected vendor: Epicor Software Corporation - Affected system: Epicor Enterprise - Version 74 - Vendor disclosure date: May 13th, 2014 - Public disclosure date: September 30th, 2014 - Status: Fixed - Associated CVEs: 1) CVE-2014-4311 Password values not masked appropriately: Even though the applica ...
Exploit DB: Epicor Password Disclosure / Cross Site Scripting
Epicor suffers from cross site scripting and password disclosure vulnerabilities ...

References

CWE-79http://osvdb.org/show/osvdb/112466http://seclists.org/fulldisclosure/2014/Oct/2http://osvdb.org/show/osvdb/112470http://www.securityfocus.com/bid/70192http://www.exploit-db.com/exploits/34864http://osvdb.org/show/osvdb/112471http://osvdb.org/show/osvdb/112467http://osvdb.org/show/osvdb/112465http://osvdb.org/show/osvdb/112469http://packetstormsecurity.com/files/128511/Epicor-Password-Disclosure-Cross-Site-Scripting.htmlhttp://osvdb.org/show/osvdb/112464https://exchange.xforce.ibmcloud.com/vulnerabilities/96793https://nvd.nist.govhttps://www.exploit-db.com/exploits/34864/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073CVE-2024-5496CVE-2024-5495XPath injectionbypassCVE-2024-30043CVE-2024-24919denial of serviceCVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook