Vulnerabilities > Zohocorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-01 | CVE-2023-23074 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 14.0 Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component. | 6.1 |
| 2023-02-01 | CVE-2023-23075 | Cross-site Scripting vulnerability in Zohocorp Manageengine Assetexplorer 6.9 Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation. | 6.1 |
| 2023-02-01 | CVE-2023-23076 | OS Command Injection vulnerability in Zohocorp Manageengine Supportcenter Plus 11.0 OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules. | 9.8 |
| 2023-02-01 | CVE-2023-23077 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 13.0 Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment. | 6.1 |
| 2023-02-01 | CVE-2023-23078 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 14.0 Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets. | 6.1 |
| 2023-01-20 | CVE-2023-22964 | Improper Authentication vulnerability in Zohocorp Manageengine Servicedesk Plus MSP 10.6/13.0 Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled. | 9.1 |
| 2023-01-18 | CVE-2022-47966 | Unspecified vulnerability in Zohocorp products Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. | 9.8 |
| 2023-01-17 | CVE-2023-22624 | XXE vulnerability in Zohocorp Manageengine Exchange Reporter Plus Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks. | 7.5 |
| 2023-01-05 | CVE-2022-47523 | SQL Injection vulnerability in Zohocorp Manageengine Password Manager PRO Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection. | 9.8 |
| 2022-12-20 | CVE-2022-47577 | Unspecified vulnerability in Zohocorp Manageengine Device Control Plus 10.1.2228.15 An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. | 7.8 |