Shodan
Vulnerabilities
Vulnerable Software
Zoho:  Security Vulnerabilities
CVE-2024-37225
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Marketing Automation.This issue affects Zoho Marketing Automation: from n/a through 1.2.7.
CVSS Score
8.5
EPSS Score
0.002
Published
2024-07-09
CVE-2024-32441
Cross-Site Request Forgery (CSRF) vulnerability in Zoho Campaigns.This issue affects Zoho Campaigns: from n/a through 2.0.7.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-04-15
CVE-2024-32442
Cross-Site Request Forgery (CSRF) vulnerability in Zoho Campaigns.This issue affects Zoho Campaigns: from n/a through 2.0.7.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-04-15
CVE-2021-42956
Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged in user, so memory dump can be done by non-admin also. Remotely, an attacker can dump all sensitive information including DB Connection string, entire IT infrastructure details, commands executed by IT admin including credentials, secrets, private keys and more.
CVSS Score
7.8
EPSS Score
0.002
Published
2021-11-17
CVE-2019-19306
The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via module, EditShortcode, or LayoutName.
CVSS Score
5.4
EPSS Score
0.004
Published
2019-11-26
CVE-2019-15644
The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-27
CVE-2019-15645
The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-08-27
CVE-2019-5962
Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-07-05
CVE-2019-5963
Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-07-05
CVE-2014-6686
The Zoho Books - Accounting App (aka com.zoho.books) application 3.1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS Score
5.4
EPSS Score
0.0
Published
2014-09-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved