CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Zohocorp : Security Vulnerabilities Published In 2018 (Cross Site Scripting (XSS))

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-20485 79 XSS 2018-12-26 2019-05-10
4.3
None Remote Medium Not required None Partial None
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.
2 CVE-2018-20484 79 XSS 2018-12-26 2019-05-10
4.3
None Remote Medium Not required None Partial None
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation.
3 CVE-2018-20339 79 XSS 2018-12-21 2021-05-04
4.3
None Remote Medium Not required None Partial None
Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section.
4 CVE-2018-19921 79 XSS 2018-12-06 2021-05-04
4.3
None Remote Medium Not required None Partial None
Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller.
5 CVE-2018-19288 79 XSS 2018-11-15 2021-05-04
4.3
None Remote Medium Not required None Partial None
Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API.
6 CVE-2018-18716 79 XSS 2018-11-20 2021-05-04
4.3
None Remote Medium Not required None Partial None
Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability.
7 CVE-2018-18715 79 XSS 2018-11-20 2021-05-04
4.3
None Remote Medium Not required None Partial None
Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS.
8 CVE-2018-18262 79 XSS 2018-10-17 2021-05-04
4.3
None Remote Medium Not required None Partial None
Zoho ManageEngine OpManager 12.3 before build 123214 has XSS.
9 CVE-2018-17596 79 XSS 2018-10-02 2018-11-16
4.3
None Remote Medium Not required None Partial None
In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter.
10 CVE-2018-16965 79 XSS 2018-09-21 2018-11-09
4.3
None Remote Medium Not required None Partial None
In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter.
11 CVE-2018-16833 79 XSS 2018-09-21 2018-11-09
4.3
None Remote Medium Not required None Partial None
Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI.
12 CVE-2018-15740 79 XSS 2018-08-28 2020-07-15
4.3
None Remote Medium Not required None Partial None
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen.
13 CVE-2018-15169 79 XSS 2018-08-08 2018-10-05
4.3
None Remote Medium Not required None Partial None
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter.
14 CVE-2018-12998 79 XSS 2018-06-29 2021-08-31
4.3
None Remote Medium Not required None Partial None
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.
15 CVE-2018-12996 79 XSS 2018-06-29 2018-08-20
4.3
None Remote Medium Not required None Partial None
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13800) allows remote attackers to inject arbitrary web script or HTML via the parameter 'method' to GraphicalView.do.
16 CVE-2018-10803 352 XSS CSRF 2018-05-10 2020-08-24
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through CSRF.
17 CVE-2018-10076 79 XSS 2018-07-02 2018-08-30
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to inject arbitrary web script or HTML via the search functionality (the search box of the Dashboard).
18 CVE-2018-10075 79 XSS 2018-07-02 2018-08-30
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature.
19 CVE-2018-9163 79 XSS 2018-04-02 2019-02-27
3.5
None Remote Medium ??? None Partial None
A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.
20 CVE-2018-8722 79 XSS 2018-03-15 2018-04-06
4.3
None Remote Medium Not required None Partial None
Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026.
21 CVE-2018-8721 79 XSS 2018-03-15 2018-04-06
4.3
None Remote Medium Not required None Partial None
Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored XSS related to the index2.do?url=editAlertForm&tab=alert&alert=profile URI and the Edit Alert Profile screen
22 CVE-2018-7405 79 XSS 2018-03-13 2018-04-09
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer before 11.12 Build 11120 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
23 CVE-2018-5799 79 XSS 2018-03-30 2018-04-19
4.3
None Remote Medium Not required None Partial None
In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139.
Total number of vulnerabilities : 23   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.