Vulnerabilities > Zohocorp > Manageengine Log360 > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-08-29 CVE-2021-40172 Cross-Site Request Forgery (CSRF) vulnerability in Zohocorp Manageengine Log360 5.0/5.1/5.2
Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings.
network
zohocorp CWE-352
6.8
6.8
2021-08-29 CVE-2021-40174 Cross-Site Request Forgery (CSRF) vulnerability in Zohocorp Manageengine Log360 5.0/5.1/5.2
Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings.
network
zohocorp CWE-352
6.8
6.8
2021-08-29 CVE-2021-40176 Cross-site Scripting vulnerability in Zohocorp Manageengine Log360 5.0/5.1/5.2
Zoho ManageEngine Log360 before Build 5225 allows stored XSS.
network
zohocorp CWE-79
4.3
4.3
2021-08-29 CVE-2021-40178 Cross-site Scripting vulnerability in Zohocorp Manageengine Log360 5.0/5.1/5.2
Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings.
network
zohocorp CWE-79
4.3
4.3