Vulnerabilities > Zohocorp > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-12-06 CVE-2018-19921 Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager
Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller.
network
low complexity
zohocorp CWE-79
6.1
6.1
2018-11-20 CVE-2018-18716 Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 11.4/11.5/12.3
Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability.
network
low complexity
zohocorp CWE-79
6.1
6.1
2018-11-20 CVE-2018-18715 Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 12.3
Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS.
network
low complexity
zohocorp CWE-79
6.1
6.1
2018-11-15 CVE-2018-19288 Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 11.4/11.5/12.3
Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API.
network
low complexity
zohocorp CWE-79
6.1
6.1
2018-10-17 CVE-2018-18262 Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 12.3
Zoho ManageEngine OpManager 12.3 before build 123214 has XSS.
network
low complexity
zohocorp CWE-79
6.1
6.1
2018-10-02 CVE-2018-17596 Cross-site Scripting vulnerability in Zohocorp Manageengine Assetexplorer 6.2.0
In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter.
network
low complexity
zohocorp CWE-79
6.1
6.1
2018-09-21 CVE-2018-16965 Cross-site Scripting vulnerability in Zohocorp Manageengine Supportcenter Plus 7.9/7.90/8.0
In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter.
network
low complexity
zohocorp CWE-79
6.1
6.1
2018-09-21 CVE-2018-16833 Cross-site Scripting vulnerability in Zohocorp Manageengine Desktop Central 10.0.271
Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI.
network
low complexity
zohocorp CWE-79
6.1
6.1
2018-08-28 CVE-2018-15740 Cross-site Scripting vulnerability in Zohocorp Manageengine Admanager Plus 6.5.7
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen.
network
low complexity
zohocorp CWE-79
6.1
6.1
2018-08-08 CVE-2018-15169 Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter.
network
low complexity
zohocorp CWE-79
6.1
6.1