Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
manageengine servicedesk plus vulnerabilities and exploits
(subscribe to this query)
435
VMScore
CVE-2019-12538
An issue exists in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field.
Zohocorp Manageengine Servicedesk Plus 9.3
1 EDB exploit
1 Github repository
383
VMScore
CVE-2019-12539
An issue exists in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189.
Zohocorp Manageengine Servicedesk Plus 10.5
383
VMScore
CVE-2019-12540
An issue exists in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field.
Zohocorp Manageengine Servicedesk Plus 10.5
435
VMScore
CVE-2019-12541
An issue exists in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter.
Zohocorp Manageengine Servicedesk Plus 9.3
1 EDB exploit
1 Github repository
435
VMScore
CVE-2019-12543
An issue exists in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter.
Zohocorp Manageengine Servicedesk Plus 9.3
1 EDB exploit
1 Github repository
435
VMScore
CVE-2019-12189
An issue exists in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
Zohocorp Manageengine Servicedesk Plus 9.3
1 EDB exploit
1 Github repository
312
VMScore
CVE-2021-46065
A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an malicious users to inject arbitrary JavaScript code.
Zohocorp Manageengine Servicedesk Plus 11.3
NA
CVE-2023-23078
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets.
Zohocorp Manageengine Servicedesk Plus 14.0
445
VMScore
CVE-2018-7248
An issue exists in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the accounts exists, or ...
Zohocorp Manageengine Servicedesk Plus 9.3
NA
CVE-2023-6105
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt prod...
Zohocorp Manageengine Mobile Device Manager Plus 10.1.2207.4
Zohocorp Manageengine Appcreator
Zohocorp Manageengine Analytics Plus
Zohocorp Manageengine Endpoint Central Msp
Zohocorp Manageengine Endpoint Central
Zohocorp Manageengine Remote Monitoring And Management
Zohocorp Manageengine Os Deployer
Zohocorp Manageengine Remote Access Plus
Zohocorp Manageengine Mobile Device Manager Plus
Zohocorp Manageengine Application Control Plus
Zohocorp Manageengine Vulnerability Manager Plus
Zohocorp Manageengine Browser Security Plus
Zohocorp Manageengine Patch Manager Plus
Zohocorp Manageengine Device Control Plus
Zohocorp Manageengine Endpoint Dlp Plus
Zohocorp Manageengine Adselfservice Plus 6.3
Zohocorp Manageengine Adselfservice Plus
Zohocorp Manageengine Admanager Plus
Zohocorp Manageengine Admanager Plus 7.2
Zohocorp Manageengine Adaudit Plus 7.2
Zohocorp Manageengine Adaudit Plus
Zohocorp Manageengine Cloud Security Plus 4.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »