Vulnerabilities > Zohocorp > Manageengine Servicedesk Plus > 9.1

DATE	CVE	VULNERABILITY TITLE	RISK
2019-03-25	CVE-2017-9362	XXE vulnerability in Zohocorp Manageengine Servicedesk Plus 9.1/9.2 ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API. network low complexity zohocorp CWE-611	6.5
2019-02-17	CVE-2019-8395	Path Traversal vulnerability in Zohocorp Manageengine Servicedesk Plus An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request. network low complexity zohocorp CWE-22	7.5
2019-02-17	CVE-2019-8394	Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. network low complexity zohocorp CWE-434	4.0
2018-03-30	CVE-2018-5799	Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139. network zohocorp CWE-79	4.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.