Vulnerabilities > Zohocorp > Manageengine Servicedesk Plus > 10.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-14 | CVE-2019-15083 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 10.0.0 Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. | 6.1 |
| 2020-01-23 | CVE-2020-6843 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. | 4.8 |
| 2019-08-21 | CVE-2019-15045 | Information Exposure vulnerability in Zohocorp Manageengine Servicedesk Plus AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. | 5.3 |
| 2019-08-14 | CVE-2019-15046 | Improper Authentication vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989. | 7.5 |
| 2019-06-18 | CVE-2019-12133 | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp products Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. | 7.8 |
| 2019-05-21 | CVE-2019-12252 | Authorization Bypass Through User-Controlled Key vulnerability in Zohocorp Manageengine Servicedesk Plus In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring. | 6.5 |
| 2019-02-17 | CVE-2019-8394 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. | 6.5 |
| 2018-03-30 | CVE-2018-5799 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139. | 6.1 |