Filtered by vendor Zohocorp
Subscriptions
Total
524 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-23077 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2025-03-27 | 6.1 Medium |
| Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment. | ||||
| CVE-2023-23076 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2025-03-27 | 9.8 Critical |
| OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules. | ||||
| CVE-2023-23075 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2025-03-27 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation. | ||||
| CVE-2023-23074 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2025-03-27 | 6.1 Medium |
| Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component. | ||||
| CVE-2023-23073 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2025-03-27 | 6.1 Medium |
| Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component. | ||||
| CVE-2023-0169 | 1 Zohocorp | 1 Zoho Forms | 2025-03-21 | 5.4 Medium |
| The Zoho Forms WordPress plugin before 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2025-1724 | 1 Zohocorp | 1 Manageengine Analytics Plus | 2025-03-17 | 7.4 High |
| Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions older than 6130 are vulnerable to an AD only account takeover because of a hardcoded sensitive token. | ||||
| CVE-2022-48362 | 1 Zohocorp | 1 Manageengine Desktop Central | 2025-03-11 | 8.8 High |
| Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. (The attacker could authenticate by exploiting CVE-2021-44515.) | ||||
| CVE-2023-38333 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-03-07 | 6.1 Medium |
| Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in. | ||||
| CVE-2023-26600 | 1 Zohocorp | 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more | 2025-03-06 | 6.5 Medium |
| ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports. | ||||
| CVE-2023-26601 | 1 Zohocorp | 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more | 2025-03-06 | 7.5 High |
| Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS). | ||||
| CVE-2022-36413 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-02-25 | 9.1 Critical |
| Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications. | ||||
| CVE-2022-41978 | 1 Zohocorp | 1 Zoho Crm Lead Magnet | 2025-02-20 | 8.8 High |
| Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress. | ||||
| CVE-2023-6105 | 3 Linux, Microsoft, Zohocorp | 41 Linux Kernel, Windows, Manageengine Access Manager Plus and 38 more | 2025-02-13 | 5.5 Medium |
| An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database. | ||||
| CVE-2023-28342 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-02-13 | 7.5 High |
| Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API. | ||||
| CVE-2024-41140 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-02-12 | 8.1 High |
| Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function. | ||||
| CVE-2022-43473 | 1 Zohocorp | 3 Manageengine Opmanager, Manageengine Opmanager Msp, Manageengine Opmanager Plus | 2025-02-11 | 5.8 Medium |
| A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability. | ||||
| CVE-2023-28341 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-02-10 | 6.1 Medium |
| Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page. | ||||
| CVE-2023-28340 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-02-10 | 6.5 Medium |
| Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack. | ||||
| CVE-2023-29084 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2025-02-07 | 7.2 High |
| Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings. | ||||