Vulnerabilities > Manageengine > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-21 | CVE-2020-19554 | Cross-site Scripting vulnerability in Manageengine Opmanager 12.3 Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload. | 4.3 |
| 2018-08-28 | CVE-2018-15740 | Cross-site Scripting vulnerability in Manageengine Admanager Plus 6.5.7 Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen. | 4.3 |
| 2018-08-28 | CVE-2018-15608 | Cross-site Scripting vulnerability in Manageengine Admanager Plus 6.5.7 Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen. | 4.3 |
| 2018-06-05 | CVE-2016-9490 | Cross-site Scripting vulnerability in Manageengine Applications Manager 12.0/13.0 ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. | 4.3 |
| 2017-11-08 | CVE-2017-11512 | Path Traversal vulnerability in Manageengine Servicedesk 9.3.9328 The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. | 5.0 |
| 2017-11-08 | CVE-2017-11511 | Information Exposure vulnerability in Manageengine Servicedesk 9.3.9328 The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. | 5.0 |
| 2015-02-04 | CVE-2015-1480 | Information Exposure vulnerability in Manageengine Servicedesk Plus ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash/details.jsp, or (4) reports/CreateReportTable.jsp. | 4.0 |
| 2014-12-16 | CVE-2014-9372 | Path Traversal vulnerability in Manageengine Password Manager PRO Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attackers to delete arbitrary files via a .. | 6.4 |
| 2014-11-17 | CVE-2014-8499 | SQL Injection vulnerability in Manageengine Password Manager PRO Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc. | 6.5 |
| 2014-09-04 | CVE-2014-5377 | Information Exposure vulnerability in Manageengine Device Expert ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 build 5981 allows remote attackers to obtain user account credentials via a direct request. | 5.0 |