Vulnerabilities > Zohocorp > Manageengine Servicedesk Plus > 9.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-05 | CVE-2019-12543 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. | 6.1 |
| 2019-06-05 | CVE-2019-12542 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. | 6.1 |
| 2019-06-05 | CVE-2019-12541 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. | 6.1 |
| 2019-06-05 | CVE-2019-12538 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. | 6.1 |
| 2019-05-21 | CVE-2019-12252 | Authorization Bypass Through User-Controlled Key vulnerability in Zohocorp Manageengine Servicedesk Plus In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring. | 6.5 |
| 2019-05-21 | CVE-2019-12189 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. | 6.1 |
| 2019-04-04 | CVE-2019-10273 | Improper Authentication vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3 Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. | 4.3 |
| 2019-02-17 | CVE-2019-8395 | Use of Incorrectly-Resolved Name or Reference vulnerability in Zohocorp Manageengine Servicedesk Plus An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request. | 9.8 |
| 2019-02-17 | CVE-2019-8394 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. | 6.5 |
| 2018-05-11 | CVE-2018-7248 | Unspecified vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. | 5.3 |