Vulnerabilities > Zohocorp > Manageengine Servicedesk Plus > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-23 | CVE-2022-40771 | XXE vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. | 4.9 |
| 2022-11-23 | CVE-2022-40772 | Unspecified vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. | 6.5 |
| 2022-04-05 | CVE-2022-25245 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name. | 5.3 |
| 2022-01-27 | CVE-2021-46065 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 11.3 A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code. | 4.8 |
| 2021-04-09 | CVE-2021-20080 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file. | 6.1 |
| 2020-05-18 | CVE-2020-13154 | Missing Authorization vulnerability in Zohocorp Manageengine Servicedesk Plus 11.1 Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet. | 6.5 |
| 2020-05-14 | CVE-2019-15083 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 10.0.0 Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. | 6.1 |
| 2020-01-23 | CVE-2020-6843 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. | 4.8 |
| 2019-08-21 | CVE-2019-15045 | Information Exposure vulnerability in Zohocorp Manageengine Servicedesk Plus AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. | 5.3 |
| 2019-07-11 | CVE-2019-12540 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 10.5 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. | 6.1 |