Vulnerabilities > Zohocorp > Manageengine Servicedesk Plus > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-02-17 CVE-2019-8394 Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Servicedesk Plus
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.
network
low complexity
zohocorp CWE-434
6.5
6.5
2018-05-11 CVE-2018-7248 Unspecified vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317.
network
low complexity
zohocorp
5.3
5.3
2018-03-30 CVE-2018-5799 Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus
In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139.
network
low complexity
zohocorp CWE-79
6.1
6.1