Zohocorp: Security Vulnerabilities
Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.
CVSS Score
10.0
EPSS Score
0.035
Published
2019-01-03
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation.
CVSS Score
6.1
EPSS Score
0.017
Published
2018-12-26
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.
CVSS Score
6.1
EPSS Score
0.017
Published
2018-12-26
Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section.
CVSS Score
9.8
EPSS Score
0.052
Published
2018-12-21
Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section.
CVSS Score
6.1
EPSS Score
0.012
Published
2018-12-21
Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API.
CVSS Score
9.8
EPSS Score
0.128
Published
2018-12-17
Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain.
CVSS Score
7.5
EPSS Score
0.071
Published
2018-12-13
Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller.
CVSS Score
6.1
EPSS Score
0.013
Published
2018-12-06
Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS.
CVSS Score
6.1
EPSS Score
0.005
Published
2018-11-20
Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability.
CVSS Score
6.1
EPSS Score
0.01
Published
2018-11-20