Show filters
56 Total Results
Displaying 11-20 of 56
Sort by:
Attacker Value
Unknown
CVE-2023-26601
Disclosure Date: March 06, 2023 (last updated October 08, 2023)
Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS).
0
Attacker Value
Unknown
CVE-2023-26600
Disclosure Date: March 06, 2023 (last updated October 08, 2023)
ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports.
0
Attacker Value
Unknown
CVE-2023-23078
Disclosure Date: February 01, 2023 (last updated October 08, 2023)
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets.
0
Attacker Value
Unknown
CVE-2023-23077
Disclosure Date: February 01, 2023 (last updated October 08, 2023)
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment.
0
Attacker Value
Unknown
CVE-2023-23074
Disclosure Date: February 01, 2023 (last updated October 08, 2023)
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component.
0
Attacker Value
Unknown
CVE-2023-23073
Disclosure Date: February 01, 2023 (last updated October 08, 2023)
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component.
0
Attacker Value
Unknown
CVE-2023-22964
Disclosure Date: January 20, 2023 (last updated October 08, 2023)
Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled.
0
Attacker Value
Unknown
CVE-2022-40772
Disclosure Date: November 23, 2022 (last updated October 08, 2023)
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.
0
Attacker Value
Unknown
CVE-2022-40771
Disclosure Date: November 23, 2022 (last updated October 08, 2023)
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.
0
Attacker Value
Unknown
CVE-2022-40770
Disclosure Date: November 23, 2022 (last updated October 08, 2023)
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.
0
