Vulnerabilities > Zohocorp > Manageengine Applications Manager > 13.1

DATE	CVE	VULNERABILITY TITLE	RISK
2018-08-08	CVE-2018-15169	Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter. network zohocorp CWE-79	4.3
2018-08-08	CVE-2018-15168	SQL Injection vulnerability in Zohocorp Manageengine Applications Manager A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request. network low complexity zohocorp CWE-89	7.5
2018-03-08	CVE-2018-7890	OS Command Injection vulnerability in Zohocorp Manageengine Applications Manager A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). network low complexity zohocorp CWE-78 critical	10.0

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.