Vulnerabilities > Zohocorp > Manageengine Supportcenter Plus > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-15 | CVE-2023-6105 | Unspecified vulnerability in Zohocorp products An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. | 5.5 |
| 2023-07-28 | CVE-2023-38331 | Cross-site Scripting vulnerability in Zohocorp Manageengine Supportcenter Plus Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module. | 5.4 |
| 2023-07-07 | CVE-2023-34197 | Unspecified vulnerability in Zohocorp Manageengine Servicedesk Plus 8.1/8.2/9.0 Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications. | 5.4 |
| 2023-04-26 | CVE-2023-29443 | XXE vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint. | 4.9 |
| 2023-03-06 | CVE-2023-26600 | Unspecified vulnerability in Zohocorp products ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports. | 6.5 |
| 2022-11-23 | CVE-2022-40771 | XXE vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. | 4.9 |
| 2022-11-23 | CVE-2022-40772 | Unspecified vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. | 6.5 |
| 2022-07-12 | CVE-2022-35403 | Unspecified vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. | 5.0 |
| 2022-04-05 | CVE-2022-25373 | Cross-site Scripting vulnerability in Zohocorp Manageengine Supportcenter Plus Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history. | 5.4 |
| 2021-11-30 | CVE-2021-43294 | Cross-site Scripting vulnerability in Zohocorp Manageengine Supportcenter Plus 11.0 Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module. | 4.3 |