Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
supportcenter vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-38331
Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module.
Zohocorp Manageengine Supportcenter Plus 11.0
Zohocorp Manageengine Supportcenter Plus 14.0
Zohocorp Manageengine Supportcenter Plus 8.0
Zohocorp Manageengine Supportcenter Plus 8.1
3.5
CVSSv2
CVE-2022-25373
Zoho ManageEngine SupportCenter Plus prior to 11020 allows Stored XSS in the request history.
Zohocorp Manageengine Supportcenter Plus 11.0
Zohocorp Manageengine Supportcenter Plus
4.3
CVSSv2
CVE-2018-16965
In Zoho ManageEngine SupportCenter Plus prior to 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter.
Zohocorp Manageengine Supportcenter Plus
5
CVSSv2
CVE-2014-100002
Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 prior to 7917 allows remote malicious users to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket.
Zohocorp Manageengine Supportcenter Plus
1 EDB exploit
4.3
CVSSv2
CVE-2015-0866
Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.9 before hotfix 7941 allow remote malicious users to inject arbitrary web script or HTML via the (1) fromCustomer, (2) username, or (3) password parameter to HomePage.do.
Zohocorp Manageengine Supportcenter Plus
4.3
CVSSv2
CVE-2008-1432
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote malicious users to inject arbitrary web script or HTML via the searchText parameter, a related issue to CVE-2008-1299. NOTE: the provenance of this information is ...
Manageengine Supportcenter Plus 7.0.0
4.3
CVSSv2
CVE-2021-43295
Zoho ManageEngine SupportCenter Plus prior to 11016 is vulnerable to Reflected XSS in the Accounts module.
Zohocorp Manageengine Supportcenter Plus 11.0
5.5
CVSSv2
CVE-2015-5149
Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp.
Zohocorp Manageengine Supportcenter Plus 7.90
1 EDB exploit
5
CVSSv2
CVE-2021-43296
Zoho ManageEngine SupportCenter Plus prior to 11016 is vulnerable to an SSRF attack in ActionExecutor.
Zohocorp Manageengine Supportcenter Plus 11.0
4.3
CVSSv2
CVE-2021-43294
Zoho ManageEngine SupportCenter Plus prior to 11016 is vulnerable to Reflected XSS in the Products module.
Zohocorp Manageengine Supportcenter Plus 11.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »