Vulnerabilities > Zohocorp > Manageengine Servicedesk Plus > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-11 | CVE-2019-12539 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 10.5 An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. | 6.1 |
| 2019-06-05 | CVE-2019-12543 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. | 6.1 |
| 2019-06-05 | CVE-2019-12542 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. | 6.1 |
| 2019-06-05 | CVE-2019-12541 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. | 6.1 |
| 2019-06-05 | CVE-2019-12538 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. | 6.1 |
| 2019-05-21 | CVE-2019-12252 | Authorization Bypass Through User-Controlled Key vulnerability in Zohocorp Manageengine Servicedesk Plus In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring. | 6.5 |
| 2019-05-21 | CVE-2019-12189 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. | 6.1 |
| 2019-04-04 | CVE-2019-10273 | Improper Authentication vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3 Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. | 4.3 |
| 2019-03-25 | CVE-2017-9376 | Improper Input Validation vulnerability in Zohocorp Manageengine Servicedesk Plus ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do. | 6.5 |
| 2019-02-17 | CVE-2019-8394 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. | 6.5 |