Vulnerabilities > Zohocorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-21 | CVE-2019-7424 | Cross-site Scripting vulnerability in Zohocorp Manageengine Netflow Analyzer 7.0.0.2 XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. | 6.1 |
| 2019-03-21 | CVE-2019-7423 | Cross-site Scripting vulnerability in Zohocorp Manageengine Netflow Analyzer 7.0.0.2 XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter. | 6.1 |
| 2019-03-21 | CVE-2019-7422 | Cross-site Scripting vulnerability in Zohocorp Manageengine Netflow Analyzer 7.0.0.2 XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF parameter. | 6.1 |
| 2019-03-21 | CVE-2019-7161 | Use of Hard-coded Credentials vulnerability in Zohocorp Manageengine Adselfservice Plus An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. | 7.5 |
| 2019-02-17 | CVE-2019-8395 | Use of Incorrectly-Resolved Name or Reference vulnerability in Zohocorp Manageengine Servicedesk Plus An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request. | 9.8 |
| 2019-02-17 | CVE-2019-8394 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. | 6.5 |
| 2019-01-03 | CVE-2019-3905 | Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. | 10.0 |
| 2019-01-03 | CVE-2018-20664 | XXE vulnerability in Zohocorp Manageengine Adselfservice Plus 5.7 Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license. | 9.8 |
| 2018-12-26 | CVE-2018-20485 | Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature. | 6.1 |
| 2018-12-26 | CVE-2018-20484 | Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus 5.7 Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation. | 6.1 |