Vulnerabilities > Zohocorp > Manageengine Servicedesk Plus > 9.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-03-25 | CVE-2017-9362 | XXE vulnerability in Zohocorp Manageengine Servicedesk Plus 9.1/9.2 ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API. | 6.5 |
2019-02-17 | CVE-2019-8395 | Path Traversal vulnerability in Zohocorp Manageengine Servicedesk Plus An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request. | 7.5 |
2019-02-17 | CVE-2019-8394 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. | 4.0 |
2018-03-30 | CVE-2018-5799 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139. | 4.3 |