Vulnerabilities > Zohocorp > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-25 | CVE-2023-50785 | Path Traversal vulnerability in Zohocorp Manageengine Adaudit Plus 7.2 Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal. | 2.7 |
2022-11-17 | CVE-2022-42903 | Missing Authorization vulnerability in Zohocorp Manageengine Supportcenter Plus 11.0 Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list. | 3.3 |
2022-01-27 | CVE-2021-46065 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 11.3 A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code. | 3.5 |
2021-10-05 | CVE-2021-33849 | Cross-site Scripting vulnerability in Zohocorp Zoho CRM Lead Magnet 1.7.2.4 A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. | 3.5 |
2021-07-01 | CVE-2021-31813 | Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD. | 3.5 |
2021-06-07 | CVE-2021-28382 | Cross-site Scripting vulnerability in Zohocorp Manageengine KEY Manager Plus 5.6/6.0 Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD. | 3.5 |
2021-02-03 | CVE-2019-16268 | Injection vulnerability in Zohocorp Manageengine Remote Access Plus 10.0.259 Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen. | 3.5 |
2021-01-06 | CVE-2019-16962 | Injection vulnerability in Zohocorp Manageengine Desktop Central 10.0.430 Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report. | 3.5 |
2020-01-23 | CVE-2020-6843 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 8.2/9.0 Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. | 3.5 |
2019-05-23 | CVE-2017-11560 | Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 12.2 An issue was discovered in ZOHO ManageEngine OpManager 12.2. | 3.5 |