Vulnerabilities > Zohocorp > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
| --- | --- | --- | --- | --- |
| 2018-03-15 | CVE-2018-8721 | Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.0 | Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored XSS related to the index2.do?url=editAlertForm&tab=alert&alert=profile URI and the Edit Alert Profile screen | network; low complexity; zohocorp CWE-79; 6.1 |
| 2018-03-13 | CVE-2018-7405 | Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer | Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer before 11.12 Build 11120 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network; low complexity; zohocorp CWE-79; 6.1 |
| 2017-12-15 | CVE-2017-17698 | Cross-site Scripting vulnerability in Zohocorp Manageengine Password Manager PRO | Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec. | network; low complexity; zohocorp CWE-79; 6.1 |
| 2017-09-30 | CVE-2017-14582 | Improper Certificate Validation vulnerability in Zohocorp Site24X7 Mobile Network Poller 1.1.4 | The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a self-signed certificate. | network; high complexity; zohocorp CWE-295; 5.9 |
| 2017-07-27 | CVE-2017-11687 | Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.4/11.5 | Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog. | network; low complexity; zohocorp CWE-79; 6.1 |
| 2017-07-27 | CVE-2017-11686 | Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.4/11.5 | Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method. | network; low complexity; zohocorp CWE-79; 6.1 |
| 2017-07-27 | CVE-2017-11685 | Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.4/11.5 | Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter. | network; low complexity; zohocorp CWE-79; 6.1 |
| 2017-06-27 | CVE-2015-7780 | Path Traversal vulnerability in Zohocorp Manageengine Firewall Analyzer 7.2/7.4/7.6 | Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0. | network; low complexity; zohocorp CWE-22; 6.5 |
| 2017-04-14 | CVE-2016-4890 | 7PK - Security Features vulnerability in Zohocorp Servicedesk Plus 9.0 | ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a cookie. | network; low complexity; zohocorp CWE-254; 5.3 |
| 2017-04-14 | CVE-2016-4888 | Cross-site Scripting vulnerability in Zohocorp Servicedesk Plus 9.0 | Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network; low complexity; zohocorp CWE-79; 5.4 |