Vulnerabilities > Zohocorp > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-05-20 CVE-2021-27956 Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus
Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/directory-search user search page via the e-mail address field.
network
low complexity
zohocorp CWE-79
6.1
2021-04-09 CVE-2021-20080 Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus
Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file.
network
low complexity
zohocorp CWE-79
6.1
2021-03-05 CVE-2020-35594 Cross-site Scripting vulnerability in Zohocorp Manageengine Admanager Plus
Zoho ManageEngine ADManager Plus before 7066 allows XSS.
network
low complexity
zohocorp CWE-79
6.1
2021-02-19 CVE-2021-27214 Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Adselfservice Plus 6.0
A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905.
network
low complexity
zohocorp CWE-918
6.1
2021-02-03 CVE-2019-16268 Cross-site Scripting vulnerability in Zohocorp Manageengine Remote Access Plus 10.0.259
Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen.
network
low complexity
zohocorp CWE-79
4.8
2021-01-06 CVE-2019-16962 Cross-site Scripting vulnerability in Zohocorp Manageengine Desktop Central 10.0.430
Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report.
network
low complexity
zohocorp CWE-79
5.4
2020-09-30 CVE-2020-15594 Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Application Control Plus
An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511.
network
low complexity
zohocorp CWE-918
4.3
2020-09-30 CVE-2020-15595 Unspecified vulnerability in Zohocorp Manageengine Application Control Plus
An issue was discovered in Zoho Application Control Plus before version 10.0.511.
network
low complexity
zohocorp
4.3
2020-09-25 CVE-2020-15521 Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager
Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS).
network
low complexity
zohocorp CWE-79
6.1
2020-05-18 CVE-2020-13154 Missing Authorization vulnerability in Zohocorp Manageengine Servicedesk Plus 11.1
Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.
network
low complexity
zohocorp CWE-862
6.5