Vulnerabilities > Zohocorp > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-06-17 CVE-2019-12476 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Zohocorp Manageengine Adselfservice Plus 4.5/5.0
An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser.
low complexity
zohocorp CWE-640
6.8
6.8
2019-06-05 CVE-2019-12543 Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3.
network
low complexity
zohocorp CWE-79
6.1
6.1
2019-06-05 CVE-2019-12542 Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3.
network
low complexity
zohocorp CWE-79
6.1
6.1
2019-06-05 CVE-2019-12541 Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3.
network
low complexity
zohocorp CWE-79
6.1
6.1
2019-06-05 CVE-2019-12538 Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3.
network
low complexity
zohocorp CWE-79
6.1
6.1
2019-05-24 CVE-2019-8346 Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus
In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf.
network
low complexity
zohocorp CWE-79
6.1
6.1
2019-05-23 CVE-2017-11560 Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 12.2
An issue was discovered in ZOHO ManageEngine OpManager 12.2.
network
low complexity
zohocorp CWE-79
5.4
5.4
2019-05-23 CVE-2017-11557 Information Exposure vulnerability in Zohocorp Manageengine Applications Manager 12.3
An issue was discovered in ZOHO ManageEngine Applications Manager 12.3.
network
low complexity
zohocorp CWE-200
5.3
5.3
2019-05-23 CVE-2017-11739 Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager 13.1
In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard.
network
low complexity
zohocorp CWE-79
6.1
6.1
2019-05-23 CVE-2017-11561 Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Opmanager 12.2
An issue was discovered in ZOHO ManageEngine OpManager 12.2.
network
low complexity
zohocorp CWE-434
6.5
6.5