Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zoho vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-6686
The Zoho Books - Accounting App (aka com.zoho.books) application 3.1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Zoho Zoho Books - Accounting App 3.1.9
6.1
CVSSv3
CVE-2019-15644
The zoho-salesiq plugin prior to 1.0.9 for WordPress has stored XSS.
Zoho Salesiq
6.1
CVSSv3
CVE-2019-5962
Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Zoho Salesiq
8.8
CVSSv3
CVE-2019-5963
Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 1.0.8 and previous versions allows remote malicious users to hijack the authentication of administrators via unspecified vectors.
Zoho Salesiq
8.8
CVSSv3
CVE-2021-42956
Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged in user, so memory dump can be done by non-admin also. Remotely, an...
Zoho Manageengine Remote Access Plus Server
8.8
CVSSv3
CVE-2019-15645
The zoho-salesiq plugin prior to 1.0.9 for WordPress has CSRF.
Zoho Salesiq
5.4
CVSSv3
CVE-2023-0169
The Zoho Forms WordPress plugin prior to 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
Zohocorp Zoho Forms
5.4
CVSSv3
CVE-2023-50891
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS.This issue affects Form plugin for WordPress – Zoho Forms: from n/a up to and including ...
Zohocorp Zoho Forms
5.4
CVSSv3
CVE-2019-19306
The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via module, EditShortcode, or LayoutName.
Zoho Lead Magnet 1.6.9.1
NA
CVE-2006-3842
Cross-site scripting (XSS) vulnerability in Zoho Virtual Office 3.2 Build 3210 allows remote malicious users to execute arbitrary web script or HTML via an HTML message.
Adventnet Zoho Virtual Office 3.2 Build 3210
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »