Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zoho vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-0588
The Catalyst Connect Zoho CRM Client Portal WordPress plugin prior to 2.1.0 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin.
Catalystconnect Zoho Crm Client Portal
6.5
CVSSv3
CVE-2022-41978
Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress.
Zohocorp Zoho Crm Lead Magnet
5.4
CVSSv3
CVE-2021-33849
A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself while using your application as the atta...
Zohocorp Zoho Crm Lead Magnet 1.7.2.4
4.8
CVSSv3
CVE-2022-44629
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catalyst Connect Catalyst Connect Zoho CRM Client Portal plugin <= 2.0.0 versions.
Catalystconnect Catalyst Connect Zoho Crm Client Portal
4.8
CVSSv3
CVE-2023-2527
The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin prior to 1.2.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Crmperks Integration For Contact Form 7 And Zoho Crm\\, Bigin
8.8
CVSSv3
CVE-2023-25976
Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin plugin <= 1.2.2 versions.
Crmperks Integration For Contact Form 7 And Zoho Crm\\, Bigin
6.1
CVSSv3
CVE-2023-38481
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin.This issue affects Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin: from n/a prior to 1.3...
Crmperks Integration For Woocommerce And Zoho Crm\\, Books\\, Invoice\\, Inventory\\, Bigin
7
CVSSv3
CVE-2018-19374
Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory.
Zohocorp Manageengine Admanager Plus 6.6
1 EDB exploit
6.1
CVSSv3
CVE-2019-12538
An issue exists in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field.
Zohocorp Manageengine Servicedesk Plus 9.3
1 EDB exploit
1 Github repository
6.1
CVSSv3
CVE-2019-12543
An issue exists in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter.
Zohocorp Manageengine Servicedesk Plus 9.3
1 EDB exploit
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »