CVE-2014-4312

Epicor Enterprise < 7.4 - Cross-Site Scripting via Multiple Input Fields

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-4312. PoCs published by Fara Rustein.

AI-analyzed exploit summary This is a vulnerability writeup describing CVE-2014-4312, which involves persistent and reflective XSS vulnerabilities in Epicor Enterprise version 7.4. It includes examples of affected functionalities and URLs but does not contain executable exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allow remote attackers to inject arbitrary web script or HTML via the (1) Notes section to Order details; (2) Description section to "Order to consume"; (3) Favorites name section to Favorites; (4) FiltKeyword parameter to Procurement/EKPHTML/search_item_bt.asp; (5) Act parameter to Procurement/EKPHTML/EnterpriseManager/Budget/ImportBudget_fr.asp; (6) hdnOpener or (7) hdnApproverFieldName parameter to Procurement/EKPHTML/EnterpriseManager/UserSearchDlg.asp; or (8) INTEGRATED parameter to Procurement/EKPHTML/EnterpriseManager/Codes.asp.

Exploits (1)

exploitdb WRITEUP
by Fara Rustein · textwebappsasp
https://www.exploit-db.com/exploits/34864

This is a vulnerability writeup describing CVE-2014-4312, which involves persistent and reflective XSS vulnerabilities in Epicor Enterprise version 7.4. It includes examples of affected functionalities and URLs but does not contain executable exploit code.

Classification
Writeup 100%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Epicor Enterprise - Version 7.4
No auth needed
Prerequisites: Access to vulnerable Epicor Enterprise web interface
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (12)

Core 12
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/112470
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/70192
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/112471
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/34864
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/112469
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/112467
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Oct/2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/96793
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/112464
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/112466
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/112465

Scores

EPSS 0.0418
EPSS Percentile 89.6%

Details

CWE
CWE-79
Status published
Products (1)
epicor/epicor_enterprise < 7.4
Published Oct 10, 2014
Tracked Since Feb 18, 2026