Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allow remote attackers to inject arbitrary web script or HTML via the (1) Notes section to Order details; (2) Description section to "Order to consume"; (3) Favorites name section to Favorites; (4) FiltKeyword parameter to Procurement/EKPHTML/search_item_bt.asp; (5) Act parameter to Procurement/EKPHTML/EnterpriseManager/Budget/ImportBudget_fr.asp; (6) hdnOpener or (7) hdnApproverFieldName parameter to Procurement/EKPHTML/EnterpriseManager/UserSearchDlg.asp; or (8) INTEGRATED parameter to Procurement/EKPHTML/EnterpriseManager/Codes.asp.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Epicor Enterprise 跨站脚本漏洞
Vulnerability Description
Epicor是美国恩柏科软件(Epicor Software)公司的一套企业资源规划(ERP)软件。该软件为客户关系管理(CRM)、制造运营、供应链管理(SCM)、人力资本管理(HCM)等方面提供解决方案。Epicor Enterprise是一个企业版。 Epicor Enterprise FS74SP6_HotfixTL054181之前7.4版本中存在跨站脚本漏洞,该漏洞源于程序没有充分过滤用户提供的输入。远程攻击者可利用该漏洞注入任意Web脚本或HTML。
CVSS Information
N/A
Vulnerability Type
N/A