Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Manageengine_servicedesk_plus
(Zohocorp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 48 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-06-05 | CVE-2019-12542 | An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter. | Manageengine_servicedesk_plus | 6.1 | ||
| 2019-06-05 | CVE-2019-12541 | An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter. | Manageengine_servicedesk_plus | 6.1 | ||
| 2019-06-05 | CVE-2019-12538 | An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field. | Manageengine_servicedesk_plus | 6.1 | ||
| 2019-05-21 | CVE-2019-12189 | An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field. | Manageengine_servicedesk_plus | 6.1 | ||
| 2019-04-04 | CVE-2019-10273 | Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account. | Manageengine_servicedesk_plus | 4.3 | ||
| 2019-02-17 | CVE-2019-8395 | An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request. | Manageengine_servicedesk_plus | 9.8 | ||
| 2019-02-17 | CVE-2019-8394 | Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. | Manageengine_servicedesk_plus | 6.5 | ||
| 2018-03-30 | CVE-2018-5799 | In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139. | Manageengine_servicedesk_plus | 6.1 | ||
| 2019-03-25 | CVE-2017-9376 | ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do. | Manageengine_servicedesk_plus | 6.5 | ||
| 2019-03-25 | CVE-2017-9362 | ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API. | Manageengine_servicedesk_plus | 8.8 |