CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Zohocorp : Security Vulnerabilities Published In 2019 (Cross Site Scripting (XSS))

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-12597 79 XSS 2019-07-11 2019-07-25
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via ResourcesAttachments.jsp with the parameter pageName.
2 CVE-2019-12596 79 XSS 2019-07-11 2019-07-25
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do with the parameter swType or swComplianceType.
3 CVE-2019-12595 79 XSS 2019-07-11 2019-07-25
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter.
4 CVE-2019-12543 79 XSS 2019-06-05 2019-06-06
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter.
5 CVE-2019-12542 79 XSS 2019-06-05 2019-06-06
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter.
6 CVE-2019-12541 79 XSS 2019-06-05 2019-06-06
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter.
7 CVE-2019-12540 79 XSS 2019-07-11 2019-07-15
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field.
8 CVE-2019-12539 79 XSS 2019-07-11 2021-01-13
4.3
None Remote Medium Not required None Partial None
An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189.
9 CVE-2019-12538 79 XSS 2019-06-05 2019-06-06
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field.
10 CVE-2019-12537 79 XSS 2019-07-11 2019-07-25
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field.
11 CVE-2019-12189 79 XSS 2019-05-21 2019-05-23
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
12 CVE-2019-11676 79 XSS 2019-05-02 2019-05-03
4.3
None Remote Medium Not required None Partial None
The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks.
13 CVE-2019-11511 79 XSS 2019-04-25 2019-06-03
4.3
None Remote Medium Not required None Partial None
Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API.
14 CVE-2019-8929 79 XSS 2019-05-17 2019-05-17
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype.
15 CVE-2019-8928 79 XSS 2019-05-17 2019-05-17
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName.
16 CVE-2019-8927 79 XSS 2019-05-17 2019-05-17
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, rep_schedule, rep_Type, schDesc, schName, schSource, selectDeviceDone, task, val10, and val11.
17 CVE-2019-8926 79 XSS 2019-05-17 2019-05-17
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource.
18 CVE-2019-8346 79 XSS CSRF 2019-05-24 2019-05-29
4.3
None Remote Medium Not required None Partial None
In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user's AD self-service password reset and MFA token.
19 CVE-2019-7427 79 XSS 2019-05-07 2019-05-08
4.3
None Remote Medium Not required None Partial None
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the autorefTime or graphTypes parameter.
20 CVE-2019-7426 79 XSS 2019-05-07 2019-05-08
4.3
None Remote Medium Not required None Partial None
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the groupDesc, groupName, groupID, or task parameter.
21 CVE-2019-7425 79 XSS 2019-03-21 2019-10-30
4.3
None Remote Medium Not required None Partial None
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter.
22 CVE-2019-7424 79 XSS 2019-03-21 2019-03-22
4.3
None Remote Medium Not required None Partial None
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. The latter is related to CVE-2009-3903.
23 CVE-2019-7423 79 XSS 2019-03-21 2019-03-22
4.3
None Remote Medium Not required None Partial None
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter.
24 CVE-2019-7422 79 XSS 2019-03-21 2019-03-22
4.3
None Remote Medium Not required None Partial None
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF parameter.
25 CVE-2017-11739 79 XSS 2019-05-23 2019-05-27
4.3
None Remote Medium Not required None Partial None
In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a "Utility Widget" with a "Custom HTML or Text" field. Once this widget is created, it will be loaded on the dashboard where it was added. An attacker can abuse this functionality by creating a "Utility Widget" that contains malicious JavaScript code, aka XSS.
26 CVE-2017-11560 79 XSS 2019-05-23 2019-05-24
3.5
None Remote Medium ??? None Partial None
An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the application. Thus, an attacker can inject a malicious JavaScript payload inside the HTML file and upload it to the application.
Total number of vulnerabilities : 26   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.