CVE-2014-4311

Epicor Enterprise <7.4 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-4311. PoCs published by Fara Rustein.

AI-analyzed exploit summary This is a vulnerability writeup describing CVE-2014-4312, which involves persistent and reflective XSS vulnerabilities in Epicor Enterprise version 7.4. It includes examples of affected functionalities and URLs but does not contain executable exploit code.

Description

Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection and email settings page.

Exploits (1)

exploitdb WRITEUP

by Fara Rustein · textwebappsasp

https://www.exploit-db.com/exploits/34864

View Code ZIP pw:eip

This is a vulnerability writeup describing CVE-2014-4312, which involves persistent and reflective XSS vulnerabilities in Epicor Enterprise version 7.4. It includes examples of affected functionalities and URLs but does not contain executable exploit code.

Classification

Writeup 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Epicor Enterprise - Version 7.4

No auth needed

Prerequisites: Access to vulnerable Epicor Enterprise web interface

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/34864

Exploit mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2014/Oct/2

Exploit x_refsource_misc

http://packetstormsecurity.com/files/128511/Epicor-Password-Disclosure-Cross-Site-Scripting.html

Scores

EPSS 0.0578

EPSS Percentile 92.1%

Details

CWE

CWE-200

Status published

Products (1)

epicor/epicor_enterprise < 7.4

Published Nov 04, 2014

Tracked Since Feb 18, 2026