Zohocorp: Security Vulnerabilities
Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS.
CVSS Score
6.1
EPSS Score
0.062
Published
2021-07-17
Zoho ManageEngine ADManager Plus before 7110 allows stored XSS.
CVSS Score
6.1
EPSS Score
0.062
Published
2021-07-17
Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application.
CVSS Score
5.9
EPSS Score
0.012
Published
2021-07-02
Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.
CVSS Score
5.4
EPSS Score
0.203
Published
2021-07-01
Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.
CVSS Score
7.5
EPSS Score
0.1
Published
2021-06-29
Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure.
CVSS Score
7.5
EPSS Score
0.016
Published
2021-06-29
Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF).
CVSS Score
9.8
EPSS Score
0.075
Published
2021-06-29
Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password.
CVSS Score
9.8
EPSS Score
0.4
Published
2021-06-25
Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732.
CVSS Score
5.3
EPSS Score
0.237
Published
2021-06-16
In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types.
CVSS Score
5.9
EPSS Score
0.009
Published
2021-06-16