Zohocorp: Security Vulnerabilities
Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS).
CVSS Score: 7.5
EPSS Score: 0.057
Published: 2023-03-06
ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2023-03-06
Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. (The attacker could authenticate by exploiting CVE-2021-44515.)
CVSS Score: 8.8
EPSS Score: 0.017
Published: 2023-02-25
The Zoho Forms WordPress plugin before 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVSS Score: 5.4
EPSS Score: 0.004
Published: 2023-02-13
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment.
CVSS Score: 6.1
EPSS Score: 0.139
Published: 2023-02-01
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets.
CVSS Score: 6.1
EPSS Score: 0.139
Published: 2023-02-01
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component.
CVSS Score: 6.1
EPSS Score: 0.139
Published: 2023-02-01
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component.
CVSS Score: 6.1
EPSS Score: 0.81
Published: 2023-02-01
Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation.
CVSS Score: 6.1
EPSS Score: 0.05
Published: 2023-02-01
OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules.
CVSS Score: 9.8
EPSS Score: 0.542
Published: 2023-02-01

