Zohocorp : Security Vulnerabilities, CVEs, CVSS score between 2 and 3.99

CVE-2023-50785

Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal.
Max CVSS
2.7
EPSS Score
0.07%
Published
2024-01-25
Updated
2024-01-31

CVE-2022-42903

Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list.
Max CVSS
3.3
EPSS Score
0.06%
Published
2022-11-17
Updated
2022-11-22

CVE-2015-5150

Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct parameter to jsp/ResetADPwd.jsp, or (3) redirectTo parameter to jsp/CacheScreenWidth.jsp.
Max CVSS
3.5
EPSS Score
0.22%
Published
2015-06-30
Updated
2015-07-01

CVE-2015-5061

Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter to VendorDef.do.
Max CVSS
3.5
EPSS Score
0.09%
Published
2015-06-24
Updated
2016-12-07

CVE-2014-2670

Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter, a different vulnerability than CVE-2014-0344.
Max CVSS
3.5
EPSS Score
0.08%
Published
2014-03-29
Updated
2015-07-24
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close