Vulnerabilities > Zohocorp
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-08-23 | CVE-2011-5105 | Cross-Site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus 4.5 Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274. | 4.3 |
2011-11-23 | CVE-2010-5050 | Cross-Site Scripting vulnerability in Zohocorp Manageengine Admanager Plus 4.4.0 Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. | 4.3 |
2011-02-17 | CVE-2010-3274 | Cross-Site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action. | 4.3 |
2011-02-17 | CVE-2010-3273 | Improper Input Validation vulnerability in Zohocorp Manageengine Adselfservice Plus ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult. | 5.0 |
2011-02-17 | CVE-2010-3272 | Improper Input Validation vulnerability in Zohocorp Manageengine Adselfservice Plus accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action. | 4.3 |
2009-06-22 | CVE-2009-2155 | Cross-Site Scripting vulnerability in Zohocorp Webnms 5 Cross-site scripting (XSS) vulnerability in report/ReportViewAction.do in WebNMS Free Edition 5 allows remote attackers to inject arbitrary web script or HTML via the type parameter. | 4.3 |