Vulnerabilities > Zohocorp > Manageengine Applications Manager > 15.5

DATE	CVE	VULNERABILITY TITLE	RISK
2024-08-01	CVE-2024-5678	SQL Injection vulnerability in Zohocorp Manageengine Applications Manager Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature. network low complexity zohocorp CWE-89	4.7
2023-08-10	CVE-2023-38333	Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in. network low complexity zohocorp CWE-79	6.1
2023-04-26	CVE-2023-29442	Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS. network low complexity zohocorp CWE-79	6.1
2023-04-11	CVE-2023-28340	XXE vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack. network low complexity zohocorp CWE-611	6.5
2022-05-24	CVE-2022-23050	Uncontrolled Search Path Element vulnerability in Zohocorp Manageengine Applications Manager ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality. network low complexity zohocorp CWE-427	7.2

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.