Vulnerabilities (CVE)

Filtered by vendor Zohocorp Subscribe

Filtered by product Manageengine Servicedesk Plus

Total 46 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-12543	1 Zohocorp	1 Manageengine Servicedesk Plus	2019-06-06	4.3 MEDIUM	6.1 MEDIUM
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter.
CVE-2019-12189	1 Zohocorp	1 Manageengine Servicedesk Plus	2019-05-23	4.3 MEDIUM	6.1 MEDIUM
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
CVE-2017-9362	1 Zohocorp	1 Manageengine Servicedesk Plus	2019-04-02	6.5 MEDIUM	8.8 HIGH
ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API.
CVE-2017-9376	1 Zohocorp	1 Manageengine Servicedesk Plus	2019-04-02	5.0 MEDIUM	6.5 MEDIUM
ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do.
CVE-2019-8394	1 Zohocorp	1 Manageengine Servicedesk Plus	2019-02-26	4.0 MEDIUM	6.5 MEDIUM
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.
CVE-2018-5799	1 Zohocorp	1 Manageengine Servicedesk Plus	2018-04-19	4.3 MEDIUM	6.1 MEDIUM
In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139.