Vulnerabilities > Zohocorp

DATE CVE VULNERABILITY TITLE RISK
2023-02-01 CVE-2023-23073 Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 14.0
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component.
network
low complexity
zohocorp CWE-79
6.1
2023-02-01 CVE-2023-23074 Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 14.0
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component.
network
low complexity
zohocorp CWE-79
6.1
2023-02-01 CVE-2023-23075 Cross-site Scripting vulnerability in Zohocorp Manageengine Assetexplorer 6.9
Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation.
network
low complexity
zohocorp CWE-79
6.1
2023-02-01 CVE-2023-23076 OS Command Injection vulnerability in Zohocorp Manageengine Supportcenter Plus 11.0
OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules.
network
low complexity
zohocorp CWE-78
critical
9.8
2023-02-01 CVE-2023-23077 Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 13.0
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment.
network
low complexity
zohocorp CWE-79
6.1
2023-02-01 CVE-2023-23078 Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 14.0
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets.
network
low complexity
zohocorp CWE-79
6.1
2023-01-20 CVE-2023-22964 Improper Authentication vulnerability in Zohocorp Manageengine Servicedesk Plus MSP 10.6/13.0
Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled.
network
low complexity
zohocorp CWE-287
critical
9.1
2023-01-18 CVE-2022-47966 Unspecified vulnerability in Zohocorp products
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.
network
low complexity
zohocorp
critical
9.8
2023-01-17 CVE-2023-22624 XXE vulnerability in Zohocorp Manageengine Exchange Reporter Plus
Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks.
network
low complexity
zohocorp CWE-611
7.5
2023-01-05 CVE-2022-47523 SQL Injection vulnerability in Zohocorp Manageengine Password Manager PRO
Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection.
network
low complexity
zohocorp CWE-89
critical
9.8