Vulnerabilities > Zohocorp > Manageengine Supportcenter Plus > 7.90

DATE	CVE	VULNERABILITY TITLE	RISK
2022-07-12	CVE-2022-35403	Unspecified vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. network low complexity zohocorp	5.0
2022-04-05	CVE-2022-25373	Cross-site Scripting vulnerability in Zohocorp Manageengine Supportcenter Plus Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history. network low complexity zohocorp CWE-79	5.4
2021-11-29	CVE-2021-44077	Missing Authentication for Critical Function vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. network low complexity zohocorp CWE-306 critical	9.8
2018-09-21	CVE-2018-16965	Cross-site Scripting vulnerability in Zohocorp Manageengine Supportcenter Plus 7.9/7.90 In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter. network zohocorp CWE-79	4.3
2015-06-30	CVE-2015-5150	Cross-site Scripting vulnerability in Zohocorp Manageengine Supportcenter Plus 7.90 Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct parameter to jsp/ResetADPwd.jsp, or (3) redirectTo parameter to jsp/CacheScreenWidth.jsp. network zohocorp CWE-79	3.5
2015-06-30	CVE-2015-5149	Path Traversal vulnerability in Zohocorp Manageengine Supportcenter Plus 7.90 Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. network low complexity zohocorp CWE-22	5.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.