Show filters
11 Total Results
Displaying 1-10 of 11
Sort by:
Attacker Value
Unknown

CVE-2021-44526

Disclosure Date: December 23, 2021 (last updated October 07, 2023)
Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-20080

Disclosure Date: April 09, 2021 (last updated February 22, 2025)
Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-14048

Disclosure Date: June 12, 2020 (last updated February 21, 2025)
Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-12542

Disclosure Date: June 05, 2019 (last updated November 27, 2024)
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter.
0
0
Attacker Value
Unknown

CVE-2019-12538

Disclosure Date: June 05, 2019 (last updated November 27, 2024)
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field.
0
0
Attacker Value
Unknown

CVE-2019-12541

Disclosure Date: June 05, 2019 (last updated November 27, 2024)
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter.
0
0
Attacker Value
Unknown

CVE-2019-12543

Disclosure Date: June 05, 2019 (last updated November 27, 2024)
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter.
0
0
Attacker Value
Unknown

CVE-2019-12189

Disclosure Date: May 21, 2019 (last updated November 27, 2024)
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
0
0
Attacker Value
Unknown

CVE-2019-10008

Disclosure Date: April 24, 2019 (last updated November 27, 2024)
Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect password, in an mc/ login attempt within a different browser tab.
0
0
Attacker Value
Unknown

CVE-2019-10273

Disclosure Date: April 04, 2019 (last updated November 27, 2024)
Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account.
0
0
View More Topics  Next >