Vulnerabilities > Zohocorp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-18 | CVE-2023-49943 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus MSP Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet. | 5.4 |
| 2023-12-29 | CVE-2023-50891 | Cross-site Scripting vulnerability in Zohocorp Zoho Forms Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS.This issue affects Form plugin for WordPress – Zoho Forms: from n/a through 3.0.1. | 5.4 |
| 2023-11-15 | CVE-2023-6105 | Unspecified vulnerability in Zohocorp products An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. | 5.5 |
| 2023-11-03 | CVE-2023-4767 | Injection vulnerability in Zohocorp Manageengine Desktop Central 9.1.0 A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. | 6.1 |
| 2023-11-03 | CVE-2023-4768 | CRLF Injection vulnerability in Zohocorp Manageengine Desktop Central 9.1.0 A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. | 6.1 |
| 2023-09-27 | CVE-2023-41904 | Improper Authentication vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs. | 5.4 |
| 2023-09-06 | CVE-2023-35719 | Insufficient Verification of Data Authenticity vulnerability in Zohocorp Manageengine Adselfservice Plus 6.1 ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. | 6.8 |
| 2023-08-31 | CVE-2023-39912 | Path Traversal vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed. | 4.9 |
| 2023-08-17 | CVE-2023-31492 | Insufficiently Protected Credentials vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users. | 6.5 |
| 2023-08-11 | CVE-2020-27449 | Cross-site Scripting vulnerability in Zohocorp Manageengine Password Manager PRO 11.1 Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload. | 6.1 |