Vulnerabilities > Zohocorp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-10 | CVE-2021-46166 | Information Exposure vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page. | 6.5 |
| 2022-01-03 | CVE-2021-20147 | Information Exposure Through Discrepancy vulnerability in Zohocorp Manageengine Adselfservice Plus ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. | 5.3 |
| 2022-01-03 | CVE-2021-20148 | Files or Directories Accessible to External Parties vulnerability in Zohocorp Manageengine Adselfservice Plus ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. | 4.3 |
| 2021-11-30 | CVE-2021-43294 | Cross-site Scripting vulnerability in Zohocorp Manageengine Supportcenter Plus 11.0 Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module. | 6.1 |
| 2021-11-30 | CVE-2021-43295 | Cross-site Scripting vulnerability in Zohocorp Manageengine Supportcenter Plus 11.0 Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module. | 6.1 |
| 2021-10-21 | CVE-2021-35512 | Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Applications Manager 15.2 An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200. | 6.5 |
| 2021-10-07 | CVE-2021-37922 | Path Traversal vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another. | 5.3 |
| 2021-10-05 | CVE-2021-33849 | Cross-site Scripting vulnerability in Zohocorp Zoho CRM Lead Magnet 1.7.2.4 A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. | 5.4 |
| 2021-09-21 | CVE-2021-37420 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Admanager Plus 6.1 Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing. | 6.5 |
| 2021-08-30 | CVE-2021-37416 | Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page. | 6.1 |