The help window in Epicor CRS Retail Store prior to 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command shell.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
epicor crs retail store |