Vulnerabilities > Zohocorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-21 | CVE-2018-20339 | Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 12.3 Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section. | 4.3 |
| 2018-12-21 | CVE-2018-20338 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager 12.3 Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section. | 7.5 |
| 2018-12-17 | CVE-2018-20173 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager 12.3 Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API. | 7.5 |
| 2018-12-13 | CVE-2018-19118 | Out-of-bounds Write vulnerability in Zohocorp Manageengine Adaudit Plus Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain. | 5.0 |
| 2018-12-06 | CVE-2018-19921 | Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller. | 4.3 |
| 2018-11-20 | CVE-2018-18716 | Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 12.3 Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability. | 4.3 |
| 2018-11-20 | CVE-2018-18715 | Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 12.3 Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS. | 4.3 |
| 2018-11-15 | CVE-2018-19288 | Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 11.4/11.5/12.3 Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API. | 4.3 |
| 2018-11-06 | CVE-2018-18980 | XXE vulnerability in Zohocorp products An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. | 5.0 |
| 2018-11-05 | CVE-2018-18949 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager 11.4/12.3 Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings. | 7.5 |