Vulnerabilities > Zohocorp

DATE CVE VULNERABILITY TITLE RISK
2023-08-11 CVE-2020-27449 Cross-site Scripting vulnerability in Zohocorp Manageengine Password Manager PRO 11.1
A cross-site scripting (XSS) vulnerability in the Query Report feature of Zoho ManageEngine Password Manager Pro version 11001 allows remote attackers to execute arbitrary code and steal cookies via a crafted JavaScript payload.
network
low complexity
zohocorp CWE-79
6.1
2023-08-10 CVE-2023-38333 Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager
Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.
network
low complexity
zohocorp CWE-79
6.1
2023-08-07 CVE-2023-32783 Incorrect Authorization vulnerability in Zohocorp Manageengine Adaudit Plus 7.1.1
The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix.
network
low complexity
zohocorp CWE-863
7.5
2023-08-04 CVE-2023-38332 Unspecified vulnerability in Zohocorp Manageengine Admanager Plus
Zoho ManageEngine ADManager Plus through 7201 allows authenticated users to take over another user's account via sensitive information disclosure.
network
low complexity
zohocorp
6.5
2023-08-04 CVE-2023-29505 Origin Validation Error vulnerability in Zohocorp Manageengine Network Configuration Manager 12.6
An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165.
network
low complexity
zohocorp CWE-346
8.8
2023-07-28 CVE-2023-38331 Cross-site Scripting vulnerability in Zohocorp Manageengine Supportcenter Plus
Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module.
network
low complexity
zohocorp CWE-79
5.4
2023-07-07 CVE-2023-34197 Unspecified vulnerability in Zohocorp Manageengine Servicedesk Plus 8.1/8.2/9.0
Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications.
network
low complexity
zohocorp
5.4
2023-07-07 CVE-2023-37308 Cross-site Scripting vulnerability in Zohocorp Manageengine Adaudit Plus
Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the username field.
network
low complexity
zohocorp CWE-79
5.4
2023-07-05 CVE-2023-35786 XXE vulnerability in Zohocorp Manageengine Admanager Plus
Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files.
network
low complexity
zohocorp CWE-611
4.9
2023-06-20 CVE-2023-35854 Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Adselfservice Plus
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator.
network
low complexity
zohocorp CWE-306
critical
9.8