Vulnerabilities > Zohocorp > Manageengine Password Manager PRO > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-15 | CVE-2023-6105 | Unspecified vulnerability in Zohocorp products An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. | 5.5 |
| 2023-08-11 | CVE-2020-27449 | Cross-site Scripting vulnerability in Zohocorp Manageengine Password Manager PRO 11.1 Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload. | 6.1 |
| 2021-07-31 | CVE-2021-33617 | Unspecified vulnerability in Zohocorp Manageengine Password Manager PRO Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is null only when the username is invalid. | 5.3 |
| 2021-06-16 | CVE-2021-31857 | Unspecified vulnerability in Zohocorp Manageengine Password Manager PRO In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types. | 5.9 |
| 2020-03-09 | CVE-2016-1159 | Information Exposure vulnerability in Zohocorp Manageengine Password Manager PRO 8.3/8.4 In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service. | 6.5 |
| 2017-12-15 | CVE-2017-17698 | Cross-site Scripting vulnerability in Zohocorp Manageengine Password Manager PRO Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec. | 6.1 |