Vulnerabilities > Zohocorp > Manageengine Applications Manager > 14.7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-10 | CVE-2023-38333 | Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in. | 6.1 |
2023-04-26 | CVE-2023-29442 | Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS. | 6.1 |
2021-07-01 | CVE-2021-31813 | Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD. | 3.5 |
2021-02-05 | CVE-2020-35765 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do. | 6.5 |
2020-10-08 | CVE-2020-10816 | Improper Authentication vulnerability in Zohocorp Manageengine Applications Manager 14.7 Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet. | 5.0 |
2020-10-06 | CVE-2020-16267 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 14.7 Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module. | 6.5 |
2020-10-06 | CVE-2020-15927 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 14.7 Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module. | 6.5 |
2020-10-01 | CVE-2020-15533 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack. | 7.5 |