Vulnerabilities > Zohocorp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-29 | CVE-2021-40176 | Cross-site Scripting vulnerability in Zohocorp Manageengine Log360 5.0/5.1/5.2 Zoho ManageEngine Log360 before Build 5225 allows stored XSS. | 6.1 |
| 2021-08-29 | CVE-2021-40178 | Cross-site Scripting vulnerability in Zohocorp Manageengine Log360 5.0/5.1/5.2 Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings. | 6.1 |
| 2021-07-31 | CVE-2021-33617 | Unspecified vulnerability in Zohocorp Manageengine Password Manager PRO Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is null only when the username is invalid. | 5.3 |
| 2021-07-17 | CVE-2021-36771 | Cross-site Scripting vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS. | 6.1 |
| 2021-07-17 | CVE-2021-36772 | Cross-site Scripting vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7110 allows stored XSS. | 6.1 |
| 2021-07-02 | CVE-2021-31874 | Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application. | 5.9 |
| 2021-07-01 | CVE-2021-31813 | Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD. | 5.4 |
| 2021-06-16 | CVE-2021-31159 | Information Exposure Through an Error Message vulnerability in Zohocorp Manageengine Servicedesk Plus MSP 10.5 Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732. | 5.3 |
| 2021-06-16 | CVE-2021-31857 | Unspecified vulnerability in Zohocorp Manageengine Password Manager PRO In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types. | 5.9 |
| 2021-06-07 | CVE-2021-28382 | Cross-site Scripting vulnerability in Zohocorp Manageengine KEY Manager Plus 5.6/6.0 Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD. | 5.4 |