Vulnerabilities > Zohocorp > Manageengine Supportcenter Plus > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-17 | CVE-2022-42903 | Missing Authorization vulnerability in Zohocorp Manageengine Supportcenter Plus 11.0 Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list. | 3.3 |
2015-06-30 | CVE-2015-5150 | Cross-site Scripting vulnerability in Zohocorp Manageengine Supportcenter Plus 7.90 Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct parameter to jsp/ResetADPwd.jsp, or (3) redirectTo parameter to jsp/CacheScreenWidth.jsp. | 3.5 |