Vulnerabilities > Zohocorp > Low

DATE CVE VULNERABILITY TITLE RISK
2024-01-25 CVE-2023-50785 Path Traversal vulnerability in Zohocorp Manageengine Adaudit Plus 7.2
Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal.
network
low complexity
zohocorp CWE-22
2.7
2.7
2022-11-17 CVE-2022-42903 Missing Authorization vulnerability in Zohocorp Manageengine Supportcenter Plus 11.0
Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list.
local
low complexity
zohocorp CWE-862
3.3
3.3
2022-01-27 CVE-2021-46065 Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 11.3
A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code.
network
zohocorp CWE-79
3.5
3.5
2021-10-05 CVE-2021-33849 Cross-site Scripting vulnerability in Zohocorp Zoho CRM Lead Magnet 1.7.2.4
A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website.
network
zohocorp CWE-79
3.5
3.5
2021-07-01 CVE-2021-31813 Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager
Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.
network
zohocorp CWE-79
3.5
3.5
2021-06-07 CVE-2021-28382 Cross-site Scripting vulnerability in Zohocorp Manageengine KEY Manager Plus 5.6/6.0
Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD.
network
zohocorp CWE-79
3.5
3.5
2021-02-03 CVE-2019-16268 Injection vulnerability in Zohocorp Manageengine Remote Access Plus 10.0.259
Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen.
network
zohocorp CWE-74
3.5
3.5
2021-01-06 CVE-2019-16962 Injection vulnerability in Zohocorp Manageengine Desktop Central 10.0.430
Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report.
network
zohocorp CWE-74
3.5
3.5
2020-01-23 CVE-2020-6843 Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 8.2/9.0
Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS.
network
zohocorp CWE-79
3.5
3.5
2019-05-23 CVE-2017-11560 Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 12.2
An issue was discovered in ZOHO ManageEngine OpManager 12.2.
network
zohocorp CWE-79
3.5
3.5