Vulnerabilities > Zohocorp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-23 | CVE-2024-38869 | Cross-site Scripting vulnerability in Zohocorp products Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25. | 5.4 |
| 2024-08-23 | CVE-2024-41150 | Cross-site Scripting vulnerability in Zohocorp products An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800. | 6.1 |
| 2024-08-12 | CVE-2024-36518 | SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's dashboard. | 5.4 |
| 2024-08-01 | CVE-2024-5678 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature. | 4.7 |
| 2024-05-29 | CVE-2024-27313 | Cross-site Scripting vulnerability in Zohocorp Manageengine Pam360 6.6 Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. | 4.6 |
| 2024-05-27 | CVE-2024-27310 | Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input. | 6.5 |
| 2024-05-27 | CVE-2024-36037 | Incorrect Authorization vulnerability in Zohocorp Manageengine Adaudit Plus Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings. | 5.5 |
| 2024-01-18 | CVE-2023-49943 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus MSP Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet. | 5.4 |
| 2023-12-29 | CVE-2023-50891 | Cross-site Scripting vulnerability in Zohocorp Zoho Forms Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS.This issue affects Form plugin for WordPress – Zoho Forms: from n/a through 3.0.1. | 5.4 |
| 2023-11-15 | CVE-2023-6105 | Unspecified vulnerability in Zohocorp products An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. | 5.5 |