Filtered by vendor Zohocorp
Subscribe
Total
550 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-5446 | 1 Zohocorp | 2 Manageengine It360, Manageengine Netflow Analyzer | 2026-05-06 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2015-7387 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2026-05-06 | 7.5 HIGH | N/A |
| ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by "SELECT 1;INSERT INTO." Fixed in Build 11200. | |||||
| CVE-2015-2169 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2026-05-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which is not properly handled when the machine is scanned. | |||||
| CVE-2015-7766 | 1 Zohocorp | 1 Manageengine Opmanager | 2026-05-06 | 9.0 HIGH | N/A |
| PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO." | |||||
| CVE-2014-6035 | 1 Zohocorp | 1 Manageengine Opmanager | 2026-05-06 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter. | |||||
| CVE-2014-9331 | 1 Zohocorp | 1 Manageengine Desktop Central | 2026-05-06 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an addUser action to STATE_ID/1417736606982/roleMgmt.do. | |||||
| CVE-2010-3274 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2026-04-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action. | |||||
| CVE-2010-3272 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2026-04-29 | 4.3 MEDIUM | N/A |
| accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action. | |||||
| CVE-2010-3273 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2026-04-29 | 5.0 MEDIUM | N/A |
| ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult. | |||||
| CVE-2010-5050 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2026-04-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2012-5956 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2026-04-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the DocRoot/Computer_Information/output element. | |||||
| CVE-2011-5105 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2026-04-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274. | |||||
| CVE-2023-50891 | 1 Zohocorp | 1 Zoho Forms | 2026-04-28 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS.This issue affects Form plugin for WordPress – Zoho Forms: from n/a through 3.0.1. | |||||
| CVE-2009-2155 | 1 Zohocorp | 1 Webnms | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in report/ReportViewAction.do in WebNMS Free Edition 5 allows remote attackers to inject arbitrary web script or HTML via the type parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2026-28754 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2026-04-03 | N/A | 7.3 HIGH |
| Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Distribution Lists report. | |||||
| CVE-2026-28756 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2026-04-03 | N/A | 7.3 HIGH |
| Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report. | |||||
| CVE-2026-28703 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2026-04-03 | N/A | 7.3 HIGH |
| Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Between Users report. | |||||
| CVE-2026-3879 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2026-04-03 | N/A | 7.3 HIGH |
| Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Equipment Mailbox Details report. | |||||
| CVE-2026-3880 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2026-04-03 | N/A | 7.3 HIGH |
| Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report. | |||||
| CVE-2026-4107 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2026-04-03 | N/A | 7.3 HIGH |
| Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report. | |||||