Vulnerabilities > Zohocorp > Manageengine Applications Manager
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-10 | CVE-2023-38333 | Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in. | 6.1 |
| 2023-04-26 | CVE-2023-29442 | Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS. | 6.1 |
| 2022-05-24 | CVE-2022-23050 | Uncontrolled Search Path Element vulnerability in Zohocorp Manageengine Applications Manager ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality. | 7.2 |
| 2022-01-10 | CVE-2020-28679 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request. | 6.5 |
| 2021-11-03 | CVE-2020-24743 | Unspecified vulnerability in Zohocorp Manageengine Applications Manager An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter. | 7.5 |
| 2021-10-21 | CVE-2021-35512 | Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Applications Manager 15.2 An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200. | 6.4 |
| 2021-07-01 | CVE-2021-31813 | Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD. | 3.5 |
| 2021-02-05 | CVE-2020-35765 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do. | 6.5 |
| 2021-01-19 | CVE-2020-27733 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 14.0 Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request. | 8.8 |
| 2020-10-29 | CVE-2020-27995 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 14.0 SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter. | 7.5 |