Vulnerabilities > Zohocorp > Manageengine Applications Manager > 16.1

DATE	CVE	VULNERABILITY TITLE	RISK
2024-08-01	CVE-2024-5678	SQL Injection vulnerability in Zohocorp Manageengine Applications Manager Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature. network low complexity zohocorp CWE-89	4.7
2023-08-10	CVE-2023-38333	Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in. network low complexity zohocorp CWE-79	6.1
2023-04-26	CVE-2023-29442	Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS. network low complexity zohocorp CWE-79	6.1
2023-04-11	CVE-2023-28340	XXE vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack. network low complexity zohocorp CWE-611	6.5
2023-04-11	CVE-2023-28341	Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page. network low complexity zohocorp CWE-79	6.1

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.