Vulnerabilities > Zohocorp > Manageengine Applications Manager > 14.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-10 | CVE-2023-38333 | Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in. | 6.1 |
2023-04-26 | CVE-2023-29442 | Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS. | 6.1 |
2022-01-10 | CVE-2020-28679 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request. | 6.5 |
2021-11-03 | CVE-2020-24743 | Unspecified vulnerability in Zohocorp Manageengine Applications Manager An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter. | 7.5 |
2021-07-01 | CVE-2021-31813 | Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD. | 3.5 |
2021-02-05 | CVE-2020-35765 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do. | 6.5 |
2020-10-01 | CVE-2020-15533 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack. | 7.5 |
2020-03-13 | CVE-2019-19799 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet. | 5.0 |
2019-08-16 | CVE-2019-15105 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager An issue was discovered in Zoho ManageEngine Application Manager through 14.2. | 9.0 |
2018-09-26 | CVE-2018-16364 | Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Applications Manager A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share. | 9.3 |