Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
supportcenter vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-38331
Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module.
Zohocorp Manageengine Supportcenter Plus 11.0
Zohocorp Manageengine Supportcenter Plus 14.0
Zohocorp Manageengine Supportcenter Plus 8.0
Zohocorp Manageengine Supportcenter Plus 8.1
3.5
CVSSv2
CVE-2022-25373
Zoho ManageEngine SupportCenter Plus prior to 11020 allows Stored XSS in the request history.
Zohocorp Manageengine Supportcenter Plus 11.0
Zohocorp Manageengine Supportcenter Plus
4.3
CVSSv2
CVE-2015-0866
Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.9 before hotfix 7941 allow remote malicious users to inject arbitrary web script or HTML via the (1) fromCustomer, (2) username, or (3) password parameter to HomePage.do.
Zohocorp Manageengine Supportcenter Plus
4.3
CVSSv2
CVE-2008-1432
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote malicious users to inject arbitrary web script or HTML via the searchText parameter, a related issue to CVE-2008-1299. NOTE: the provenance of this information is ...
Manageengine Supportcenter Plus 7.0.0
5
CVSSv2
CVE-2014-100002
Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 prior to 7917 allows remote malicious users to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket.
Zohocorp Manageengine Supportcenter Plus
1 EDB exploit
4.3
CVSSv2
CVE-2018-16965
In Zoho ManageEngine SupportCenter Plus prior to 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter.
Zohocorp Manageengine Supportcenter Plus
NA
CVE-2022-36412
In Zoho ManageEngine SupportCenter Plus prior to 11023, V3 API requests are vulnerable to authentication bypass. (An API request may, in effect, be executed with the credentials of a user who authenticated in the past.)
Zohocorp Manageengine Supportcenter Plus 11.0
4.3
CVSSv2
CVE-2021-43295
Zoho ManageEngine SupportCenter Plus prior to 11016 is vulnerable to Reflected XSS in the Accounts module.
Zohocorp Manageengine Supportcenter Plus 11.0
NA
CVE-2023-23076
OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules.
Zohocorp Manageengine Supportcenter Plus 11.0
NA
CVE-2022-42903
Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list.
Zohocorp Manageengine Supportcenter Plus 11.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »