Vulnerabilities > Zoho

DATE CVE VULNERABILITY TITLE RISK
2024-08-23 CVE-2024-5466 Code Injection vulnerability in multiple products
Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option.
network
low complexity
zoho zohocorp CWE-94
8.8
2024-07-09 CVE-2024-37225 SQL Injection vulnerability in Zoho Marketing Automation
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Marketing Automation.This issue affects Zoho Marketing Automation: from n/a through 1.2.7.
network
low complexity
zoho CWE-89
8.8
2021-11-17 CVE-2021-42956 Improper Privilege Management vulnerability in Zoho Manageengine Remote Access Plus Server
Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability.
network
low complexity
zoho CWE-269
6.5
2019-11-26 CVE-2019-19306 Cross-site Scripting vulnerability in Zoho Lead Magnet 1.6.9.1
The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via module, EditShortcode, or LayoutName.
network
low complexity
zoho CWE-79
5.4
2019-08-27 CVE-2019-15645 Cross-Site Request Forgery (CSRF) vulnerability in Zoho Salesiq
The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF.
network
zoho CWE-352
6.8
2019-08-27 CVE-2019-15644 Cross-site Scripting vulnerability in Zoho Salesiq
The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS.
network
zoho CWE-79
4.3
2019-07-05 CVE-2019-5963 Cross-Site Request Forgery (CSRF) vulnerability in Zoho Salesiq
Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
network
zoho CWE-352
6.8
2019-07-05 CVE-2019-5962 Cross-site Scripting vulnerability in Zoho Salesiq
Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
zoho CWE-79
4.3
2014-09-23 CVE-2014-6686 Cryptographic Issues vulnerability in Zoho Books - Accounting APP 3.1.9
The Zoho Books - Accounting App (aka com.zoho.books) application 3.1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
5.4