Vulnerabilities > Zohocorp > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-12-18 CVE-2019-18781 Open Redirect vulnerability in Zohocorp Manageengine Adselfservice Plus
An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site.
network
low complexity
zohocorp CWE-601
6.1
6.1
2019-10-09 CVE-2019-17112 Files or Directories Accessible to External Parties vulnerability in Zohocorp Manageengine Datasecurity Plus
An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012.
network
low complexity
zohocorp CWE-552
4.3
4.3
2019-08-21 CVE-2019-15045 Information Exposure vulnerability in Zohocorp Manageengine Servicedesk Plus
AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration.
network
low complexity
zohocorp CWE-200
5.3
5.3
2019-07-11 CVE-2019-12597 Cross-site Scripting vulnerability in Zohocorp Manageengine Assetexplorer 6.5
An issue was discovered in Zoho ManageEngine AssetExplorer.
network
low complexity
zohocorp CWE-79
6.1
6.1
2019-07-11 CVE-2019-12596 Cross-site Scripting vulnerability in Zohocorp Manageengine Assetexplorer 6.5
An issue was discovered in Zoho ManageEngine AssetExplorer.
network
low complexity
zohocorp CWE-79
6.1
6.1
2019-07-11 CVE-2019-12595 Cross-site Scripting vulnerability in Zohocorp Manageengine Assetexplorer 6.5
An issue was discovered in Zoho ManageEngine AssetExplorer.
network
low complexity
zohocorp CWE-79
6.1
6.1
2019-07-11 CVE-2019-12540 Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 10.5
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5.
network
low complexity
zohocorp CWE-79
6.1
6.1
2019-07-11 CVE-2019-12539 Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 10.5
An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus.
network
low complexity
zohocorp CWE-79
6.1
6.1
2019-07-11 CVE-2019-12537 Cross-site Scripting vulnerability in Zohocorp Manageengine Assetexplorer 6.5
An issue was discovered in Zoho ManageEngine AssetExplorer.
network
low complexity
zohocorp CWE-79
6.1
6.1
2019-06-17 CVE-2019-12476 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Zohocorp Manageengine Adselfservice Plus 4.5/5.0
An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser.
low complexity
zohocorp CWE-640
6.8
6.8