Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
supportcenter vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-38331
Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module.
Zohocorp Manageengine Supportcenter Plus 11.0
Zohocorp Manageengine Supportcenter Plus 14.0
Zohocorp Manageengine Supportcenter Plus 8.0
Zohocorp Manageengine Supportcenter Plus 8.1
312
VMScore
CVE-2022-25373
Zoho ManageEngine SupportCenter Plus prior to 11020 allows Stored XSS in the request history.
Zohocorp Manageengine Supportcenter Plus 11.0
Zohocorp Manageengine Supportcenter Plus
383
VMScore
CVE-2018-16965
In Zoho ManageEngine SupportCenter Plus prior to 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter.
Zohocorp Manageengine Supportcenter Plus
383
VMScore
CVE-2008-1432
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote malicious users to inject arbitrary web script or HTML via the searchText parameter, a related issue to CVE-2008-1299. NOTE: the provenance of this information is ...
Manageengine Supportcenter Plus 7.0.0
505
VMScore
CVE-2014-100002
Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 prior to 7917 allows remote malicious users to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket.
Zohocorp Manageengine Supportcenter Plus
1 EDB exploit
383
VMScore
CVE-2015-0866
Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.9 before hotfix 7941 allow remote malicious users to inject arbitrary web script or HTML via the (1) fromCustomer, (2) username, or (3) password parameter to HomePage.do.
Zohocorp Manageengine Supportcenter Plus
NA
CVE-2022-42903
Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list.
Zohocorp Manageengine Supportcenter Plus 11.0
NA
CVE-2022-36412
In Zoho ManageEngine SupportCenter Plus prior to 11023, V3 API requests are vulnerable to authentication bypass. (An API request may, in effect, be executed with the credentials of a user who authenticated in the past.)
Zohocorp Manageengine Supportcenter Plus 11.0
555
VMScore
CVE-2015-5149
Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp.
Zohocorp Manageengine Supportcenter Plus 7.90
1 EDB exploit
355
VMScore
CVE-2015-5150
Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct parame...
Zohocorp Manageengine Supportcenter Plus 7.90
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »