Vulnerabilities > Zohocorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-06 | CVE-2023-26601 | Resource Exhaustion vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS). | 7.5 |
| 2023-03-06 | CVE-2023-26600 | Unspecified vulnerability in Zohocorp products ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports. | 6.5 |
| 2023-02-25 | CVE-2022-48362 | Path Traversal vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. | 8.8 |
| 2023-02-13 | CVE-2023-0169 | Cross-site Scripting vulnerability in Zohocorp Zoho Forms The Zoho Forms WordPress plugin before 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
| 2023-02-01 | CVE-2023-23073 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 14.0 Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component. | 6.1 |
| 2023-02-01 | CVE-2023-23074 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 14.0 Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component. | 6.1 |
| 2023-02-01 | CVE-2023-23075 | Cross-site Scripting vulnerability in Zohocorp Manageengine Assetexplorer 6.9 Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation. | 6.1 |
| 2023-02-01 | CVE-2023-23076 | OS Command Injection vulnerability in Zohocorp Manageengine Supportcenter Plus 11.0 OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules. | 9.8 |
| 2023-02-01 | CVE-2023-23077 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 13.0 Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment. | 6.1 |
| 2023-02-01 | CVE-2023-23078 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 14.0 Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets. | 6.1 |