Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-02-01	CVE-2023-23073	Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 14.0 Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component. network low complexity zohocorp CWE-79	6.1
2023-02-01	CVE-2023-23074	Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 14.0 Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component. network low complexity zohocorp CWE-79	6.1
2023-02-01	CVE-2023-23075	Cross-site Scripting vulnerability in Zohocorp Manageengine Assetexplorer 6.9 Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation. network low complexity zohocorp CWE-79	6.1
2023-02-01	CVE-2023-23077	Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 13.0 Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment. network low complexity zohocorp CWE-79	6.1
2023-02-01	CVE-2023-23078	Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 14.0 Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets. network low complexity zohocorp CWE-79	6.1
2022-11-23	CVE-2022-40771	XXE vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. network low complexity zohocorp CWE-611	4.9
2022-11-23	CVE-2022-40772	Unspecified vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. network low complexity zohocorp	6.5
2022-11-09	CVE-2022-41978	Unspecified vulnerability in Zohocorp Zoho CRM Lead Magnet Auth. network low complexity zohocorp	6.5
2022-05-20	CVE-2022-28987	Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus 6.1 Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login. network low complexity zohocorp	5.3
2022-04-18	CVE-2022-28810	Use of Hard-coded Credentials vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. network low complexity zohocorp CWE-798	6.8