Vulnerabilities > Zohocorp > Manageengine Password Manager PRO > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-15 | CVE-2023-6105 | Unspecified vulnerability in Zohocorp products An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. | 5.5 |
| 2023-08-11 | CVE-2020-27449 | Cross-site Scripting vulnerability in Zohocorp Manageengine Password Manager PRO 11.1 Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload. | 6.1 |
| 2021-07-31 | CVE-2021-33617 | Unspecified vulnerability in Zohocorp Manageengine Password Manager PRO Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is null only when the username is invalid. | 5.0 |
| 2021-06-16 | CVE-2021-31857 | Unspecified vulnerability in Zohocorp Manageengine Password Manager PRO In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types. network zohocorp | 4.3 |
| 2020-03-09 | CVE-2016-1159 | Information Exposure vulnerability in Zohocorp Manageengine Password Manager PRO 8.3/8.4 In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service. | 4.0 |
| 2017-12-15 | CVE-2017-17698 | Cross-site Scripting vulnerability in Zohocorp Manageengine Password Manager PRO Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec. | 4.3 |
| 2015-07-08 | CVE-2015-5459 | SQL Injection vulnerability in Zohocorp Manageengine Password Manager PRO SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc. | 6.5 |
| 2014-11-17 | CVE-2014-8498 | SQL Injection vulnerability in Zohocorp Manageengine Password Manager PRO SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter. | 6.5 |