Vulnerabilities > Zohocorp > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-07-13 CVE-2016-9491 Information Exposure vulnerability in Zohocorp Manageengine Applications Manager 12.0/13.0
ManageEngine Applications Manager 12 and 13 before build 13690 allows an authenticated user, who is able to access /register.do page (most likely limited to administrator), to browse the filesystem and read the system files, including Applications Manager configuration, stored private keys, etc.
network
low complexity
zohocorp CWE-200
4.9
4.9
2018-07-02 CVE-2018-10076 Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.12
An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12.
network
low complexity
zohocorp CWE-79
6.1
6.1
2018-07-02 CVE-2018-10075 Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.12
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature.
network
low complexity
zohocorp CWE-79
6.1
6.1
2018-06-29 CVE-2018-12998 Cross-site Scripting vulnerability in Zohocorp products
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.
network
low complexity
zohocorp CWE-79
6.1
6.1
2018-06-29 CVE-2018-12996 Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13800) allows remote attackers to inject arbitrary web script or HTML via the parameter 'method' to GraphicalView.do.
network
low complexity
zohocorp CWE-79
6.1
6.1
2018-05-11 CVE-2018-7248 Unspecified vulnerability in Zohocorp Manageengine Servicedesk Plus 9.3
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317.
network
low complexity
zohocorp
5.3
5.3
2018-05-10 CVE-2018-10803 Cross-site Scripting vulnerability in Zohocorp Manageengine Netflow Analyzer
Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary web script or HTML via a crafted description value.
network
low complexity
zohocorp CWE-79
6.1
6.1
2018-04-02 CVE-2018-9163 Cross-site Scripting vulnerability in Zohocorp Manageengine Recovery Manager Plus
A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.
network
low complexity
zohocorp CWE-79
5.4
5.4
2018-03-30 CVE-2018-5799 Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus
In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139.
network
low complexity
zohocorp CWE-79
6.1
6.1
2018-03-15 CVE-2018-8722 Cross-site Scripting vulnerability in Zohocorp Manageengine Desktop Central 9.1.0
Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026.
network
low complexity
zohocorp CWE-79
6.1
6.1