Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zoho vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2006-3842
Cross-site scripting (XSS) vulnerability in Zoho Virtual Office 3.2 Build 3210 allows remote malicious users to execute arbitrary web script or HTML via an HTML message.
Adventnet Zoho Virtual Office 3.2 Build 3210
NA
CVE-2022-41978
Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress.
Zohocorp Zoho Crm Lead Magnet
3.5
CVSSv2
CVE-2021-33849
A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself while using your application as the atta...
Zohocorp Zoho Crm Lead Magnet 1.7.2.4
NA
CVE-2022-44629
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catalyst Connect Catalyst Connect Zoho CRM Client Portal plugin <= 2.0.0 versions.
Catalystconnect Catalyst Connect Zoho Crm Client Portal
NA
CVE-2023-2527
The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin prior to 1.2.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Crmperks Integration For Contact Form 7 And Zoho Crm\\, Bigin
NA
CVE-2023-25976
Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin plugin <= 1.2.2 versions.
Crmperks Integration For Contact Form 7 And Zoho Crm\\, Bigin
NA
CVE-2023-38481
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin.This issue affects Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin: from n/a prior to 1.3...
Crmperks Integration For Woocommerce And Zoho Crm\\, Books\\, Invoice\\, Inventory\\, Bigin
6.9
CVSSv2
CVE-2018-19374
Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory.
Zohocorp Manageengine Admanager Plus 6.6
1 EDB exploit
4.3
CVSSv2
CVE-2019-12538
An issue exists in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field.
Zohocorp Manageengine Servicedesk Plus 9.3
1 EDB exploit
1 Github repository
4.3
CVSSv2
CVE-2019-12543
An issue exists in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter.
Zohocorp Manageengine Servicedesk Plus 9.3
1 EDB exploit
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »