Vulnerabilities > Zohocorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-11 | CVE-2023-28341 | Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page. | 6.1 |
| 2023-04-05 | CVE-2023-28342 | Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API. | 7.5 |
| 2023-03-30 | CVE-2022-43473 | Unspecified vulnerability in Zohocorp Manageengine Opmanager A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. | 5.4 |
| 2023-03-23 | CVE-2022-36413 | Improper Restriction of Excessive Authentication Attempts vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications. | 9.1 |
| 2023-03-06 | CVE-2023-26601 | Resource Exhaustion vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS). | 7.5 |
| 2023-03-06 | CVE-2023-26600 | Unspecified vulnerability in Zohocorp products ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports. | 6.5 |
| 2023-02-25 | CVE-2022-48362 | Path Traversal vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. | 8.8 |
| 2023-02-13 | CVE-2023-0169 | Unspecified vulnerability in Zohocorp Zoho Forms The Zoho Forms WordPress plugin before 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
| 2023-02-01 | CVE-2023-23073 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 14.0 Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component. | 6.1 |
| 2023-02-01 | CVE-2023-23074 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 14.0 Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component. | 6.1 |