Vulnerabilities > Zohocorp > Manageengine Desktop Central > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-03 | CVE-2023-4767 | Injection vulnerability in Zohocorp Manageengine Desktop Central 9.1.0 A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. | 6.1 |
| 2023-11-03 | CVE-2023-4768 | Unspecified vulnerability in Zohocorp Manageengine Desktop Central 9.1.0 A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. | 6.1 |
| 2022-03-02 | CVE-2022-23779 | Information Exposure vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. | 5.3 |
| 2022-01-28 | CVE-2022-23863 | Unspecified vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password. | 6.5 |
| 2022-01-10 | CVE-2021-46166 | Information Exposure vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page. | 6.5 |
| 2021-01-06 | CVE-2019-16962 | Cross-site Scripting vulnerability in Zohocorp Manageengine Desktop Central 10.0.430 Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report. | 5.4 |
| 2020-05-05 | CVE-2020-10859 | Path Traversal vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request. | 6.5 |
| 2020-03-23 | CVE-2019-15510 | Cross-site Scripting vulnerability in Zohocorp Manageengine Desktop Central 10.0 ManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop Central 10 allows HTML injection on the user administration page via the description of a role. | 6.1 |
| 2018-09-21 | CVE-2018-16833 | Cross-site Scripting vulnerability in Zohocorp Manageengine Desktop Central 10.0.271 Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI. | 6.1 |
| 2018-03-15 | CVE-2018-8722 | Cross-site Scripting vulnerability in Zohocorp Manageengine Desktop Central 9.1.0 Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026. | 6.1 |