servicedesk plus vulnerabilities and exploits

6.5
CVSSv2
CVE-2017-9362

ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API....

4.3
CVSSv2
CVE-2019-12540

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field....

ZohocorpManageengine Servicedesk Plus
4.3
CVSSv2
CVE-2019-12538

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field....

ZohocorpManageengine Servicedesk Plus
4.3
CVSSv2
CVE-2019-12543

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter....

ZohocorpManageengine Servicedesk Plus
9
CVSSv2
CVE-2014-5302

Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code....

5
CVSSv2
CVE-2019-15046

Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989....

4.3
CVSSv2
CVE-2019-12542

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter....

ZohocorpManageengine Servicedesk Plus
4.3
CVSSv2
CVE-2019-12189

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field....

ZohocorpManageengine Servicedesk Plus
4.3
CVSSv2
CVE-2019-12541

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter....

ZohocorpManageengine Servicedesk Plus
5
CVSSv2
CVE-2019-15045

** DISPUTED ** AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality....