Vulnerabilities > Zohocorp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-05 | CVE-2019-12543 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. | 6.1 |
| 2019-06-05 | CVE-2019-12542 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. | 6.1 |
| 2019-06-05 | CVE-2019-12541 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. | 6.1 |
| 2019-06-05 | CVE-2019-12538 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. | 6.1 |
| 2019-05-24 | CVE-2019-8346 | Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. | 6.1 |
| 2019-05-23 | CVE-2017-11560 | Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 12.2 An issue was discovered in ZOHO ManageEngine OpManager 12.2. | 5.4 |
| 2019-05-23 | CVE-2017-11557 | Information Exposure vulnerability in Zohocorp Manageengine Applications Manager 12.3 An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. | 5.3 |
| 2019-05-23 | CVE-2017-11739 | Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager 13.1 In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. | 6.1 |
| 2019-05-23 | CVE-2017-11561 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Opmanager 12.2 An issue was discovered in ZOHO ManageEngine OpManager 12.2. | 6.5 |
| 2019-05-21 | CVE-2019-12252 | Authorization Bypass Through User-Controlled Key vulnerability in Zohocorp Manageengine Servicedesk Plus In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring. | 6.5 |