Vulnerabilities > Zohocorp > Manageengine Assetexplorer > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-08 | CVE-2019-14693 | XXE vulnerability in Zohocorp Manageengine Assetexplorer 6.2.0 Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. | 5.5 |
| 2019-08-08 | CVE-2019-12994 | Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Assetexplorer 6.2.0 Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL. | 6.5 |
| 2019-08-08 | CVE-2019-12959 | Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Assetexplorer 4.0/5.6/6.1 Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter. | 6.5 |
| 2019-07-11 | CVE-2019-12597 | Cross-site Scripting vulnerability in Zohocorp Manageengine Assetexplorer 6.5 An issue was discovered in Zoho ManageEngine AssetExplorer. | 6.1 |
| 2019-07-11 | CVE-2019-12596 | Cross-site Scripting vulnerability in Zohocorp Manageengine Assetexplorer 6.5 An issue was discovered in Zoho ManageEngine AssetExplorer. | 6.1 |
| 2019-07-11 | CVE-2019-12595 | Cross-site Scripting vulnerability in Zohocorp Manageengine Assetexplorer 6.5 An issue was discovered in Zoho ManageEngine AssetExplorer. | 6.1 |
| 2019-07-11 | CVE-2019-12537 | Cross-site Scripting vulnerability in Zohocorp Manageengine Assetexplorer 6.5 An issue was discovered in Zoho ManageEngine AssetExplorer. | 6.1 |
| 2018-10-02 | CVE-2018-17596 | Cross-site Scripting vulnerability in Zohocorp Manageengine Assetexplorer 6.2.0 In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter. | 4.3 |
| 2015-06-24 | CVE-2015-2169 | Cross-site Scripting vulnerability in Zohocorp Manageengine Assetexplorer 6.1 Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which is not properly handled when the machine is scanned. | 4.3 |
| 2012-12-11 | CVE-2012-5956 | Cross-Site Scripting vulnerability in Zohocorp Manageengine Assetexplorer 5.6 Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the DocRoot/Computer_Information/output element. | 4.3 |