Vulnerabilities > Zohocorp > Manageengine Adselfservice Plus > 5.7

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-25	CVE-2019-11511	Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus 5.7 Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API. network low complexity zohocorp CWE-79	6.1
2019-03-21	CVE-2019-7161	Use of Hard-coded Credentials vulnerability in Zohocorp Manageengine Adselfservice Plus An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. network low complexity zohocorp CWE-798	7.5
2019-01-03	CVE-2019-3905	Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. network low complexity zohocorp CWE-918 critical	10.0
2019-01-03	CVE-2018-20664	XXE vulnerability in Zohocorp Manageengine Adselfservice Plus 5.7 Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license. network low complexity zohocorp CWE-611 critical	9.8
2018-12-26	CVE-2018-20485	Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature. network low complexity zohocorp CWE-79	6.1
2018-12-26	CVE-2018-20484	Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus 5.7 Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation. network low complexity zohocorp CWE-79	6.1

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.