Zohocorp : Security Vulnerabilities, CVEs, Published In 2023 (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS.This issue affects Form plugin for WordPress – Zoho Forms: from n/a through 3.0.1.
Max CVSS
6.5
EPSS Score
1.48%
Published
2023-12-29
Updated
2024-01-05
Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.
Max CVSS
6.1
EPSS Score
0.52%
Published
2023-08-10
Updated
2023-08-15
Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module.
Max CVSS
5.4
EPSS Score
0.99%
Published
2023-07-28
Updated
2023-08-03
Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the username field.
Max CVSS
5.4
EPSS Score
1.03%
Published
2023-07-07
Updated
2023-07-12
Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS.
Max CVSS
6.1
EPSS Score
0.84%
Published
2023-04-26
Updated
2023-06-26
Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page.
Max CVSS
6.1
EPSS Score
0.20%
Published
2023-04-11
Updated
2023-04-14
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets.
Max CVSS
6.1
EPSS Score
0.21%
Published
2023-02-01
Updated
2023-02-22
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment.
Max CVSS
6.1
EPSS Score
0.21%
Published
2023-02-01
Updated
2023-02-22
Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation.
Max CVSS
6.1
EPSS Score
0.38%
Published
2023-02-01
Updated
2023-02-08
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component.
Max CVSS
6.1
EPSS Score
0.21%
Published
2023-02-01
Updated
2023-02-14
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component.
Max CVSS
6.1
EPSS Score
0.21%
Published
2023-02-01
Updated
2023-02-14
The Zoho Forms WordPress plugin before 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Max CVSS
5.4
EPSS Score
0.63%
Published
2023-02-13
Updated
2023-02-15
Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload.
Max CVSS
6.1
EPSS Score
0.10%
Published
2023-08-11
Updated
2023-08-16
13 vulnerabilities found