Vulnerabilities > Zohocorp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-07 | CVE-2023-34197 | Unspecified vulnerability in Zohocorp Manageengine Servicedesk Plus 8.1/8.2/9.0 Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications. | 5.4 |
| 2023-07-07 | CVE-2023-37308 | Cross-site Scripting vulnerability in Zohocorp Manageengine Adaudit Plus Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the username field. | 5.4 |
| 2023-07-05 | CVE-2023-35786 | XXE vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files. | 4.9 |
| 2023-04-26 | CVE-2023-29442 | Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS. | 6.1 |
| 2023-04-26 | CVE-2023-29443 | XXE vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint. | 4.9 |
| 2023-04-11 | CVE-2023-28340 | XXE vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack. | 6.5 |
| 2023-04-11 | CVE-2023-28341 | Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page. | 6.1 |
| 2023-03-30 | CVE-2022-43473 | Unspecified vulnerability in Zohocorp Manageengine Opmanager A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. | 5.4 |
| 2023-03-06 | CVE-2023-26600 | Unspecified vulnerability in Zohocorp products ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports. | 6.5 |
| 2023-02-13 | CVE-2023-0169 | Unspecified vulnerability in Zohocorp Zoho Forms The Zoho Forms WordPress plugin before 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |