Vulnerabilities > Zohocorp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-21 | CVE-2019-12252 | Authorization Bypass Through User-Controlled Key vulnerability in Zohocorp Manageengine Servicedesk Plus In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring. | 6.5 |
| 2019-05-21 | CVE-2019-12189 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. | 6.1 |
| 2019-05-17 | CVE-2019-8929 | Cross-site Scripting vulnerability in Zohocorp Manageengine Netflow Analyzer 7.0.0.2 An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. | 6.1 |
| 2019-05-17 | CVE-2019-8928 | Cross-site Scripting vulnerability in Zohocorp Manageengine Netflow Analyzer 7.0.0.2 An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. | 6.1 |
| 2019-05-17 | CVE-2019-8927 | Cross-site Scripting vulnerability in Zohocorp Manageengine Netflow Analyzer 7.0.0.2 An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. | 6.1 |
| 2019-05-17 | CVE-2019-8926 | Cross-site Scripting vulnerability in Zohocorp Manageengine Netflow Analyzer 7.0.0.2 An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. | 6.1 |
| 2019-05-17 | CVE-2019-8925 | Path Traversal vulnerability in Zohocorp Manageengine Netflow Analyzer 7.0.0.2 An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. | 4.3 |
| 2019-05-07 | CVE-2019-7427 | Cross-site Scripting vulnerability in Zohocorp Manageengine Netflow Analyzer 7.0.0.2 XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the autorefTime or graphTypes parameter. | 6.1 |
| 2019-05-07 | CVE-2019-7426 | Cross-site Scripting vulnerability in Zohocorp Manageengine Netflow Analyzer 7.0.0.2 XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the groupDesc, groupName, groupID, or task parameter. | 6.1 |
| 2019-05-02 | CVE-2019-11676 | Cross-site Scripting vulnerability in Zohocorp Manageengine Firewall Analyzer The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks. | 6.1 |