Vulnerabilities > Zohocorp > Manageengine Supportcenter Plus > 7.90
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-12 | CVE-2022-35403 | Unspecified vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. | 5.0 |
2022-04-05 | CVE-2022-25373 | Cross-site Scripting vulnerability in Zohocorp Manageengine Supportcenter Plus Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history. | 5.4 |
2021-11-29 | CVE-2021-44077 | Missing Authentication for Critical Function vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. | 9.8 |
2018-09-21 | CVE-2018-16965 | Cross-site Scripting vulnerability in Zohocorp Manageengine Supportcenter Plus 7.9/7.90 In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter. | 4.3 |
2015-06-30 | CVE-2015-5150 | Cross-site Scripting vulnerability in Zohocorp Manageengine Supportcenter Plus 7.90 Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct parameter to jsp/ResetADPwd.jsp, or (3) redirectTo parameter to jsp/CacheScreenWidth.jsp. | 3.5 |
2015-06-30 | CVE-2015-5149 | Path Traversal vulnerability in Zohocorp Manageengine Supportcenter Plus 7.90 Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. | 5.5 |