161 matches found
CVE-2021-43295
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module...
CVE-2021-43295
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module...
CVE-2021-43294
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module...
CVE-2021-43294
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module...
Design/Logic Flaw
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module...
Cross site scripting
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module...
Server side request forgery (ssrf)
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor...
CVE-2021-43296
Affects: Zoho ManageEngine SupportCenter Plus, prior to version 11016. Issue: server-side request forgery (SSRF) in ActionExecutor caused by inadequate authentication of the user identity. Impact: information exposure risk as described across sources; CVSS details show potential confidentiality i...
CVE-2021-43295
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module...
CVE-2021-43295
Zoho ManageEngine SupportCenter Plus is affected by CVE-2021-43295: versions prior to 11016 are vulnerable to Reflected XSS in the Accounts module. The vulnerability is caused by improper handling of user-supplied input, enabling an attacker to inject scripts that could be reflected and executed ...
CVE-2021-43294
The CVE-2021-43294 entry concerns Zoho ManageEngine SupportCenter Plus prior to 11016, with a Reflected XSS vulnerability in the Products module. Public sources (NVD, CNVD/CNNVD) confirm existence of a cross-site scripting flaw that could enable theft of cookie-based credentials, indicating an at...
Zoho ManageEngine SupportCenter Plus 跨站脚本漏洞
ZOHO ManageEngine SupportCenter Plus is a web-based customer support software from ZOHO, Inc. A cross-site scripting vulnerability exists in ZOHO ManageEngine SupportCenter Plus, which stems from the product's failure to validate user identities and could be exploited by attackers to obtain a...
CVE-2021-44077
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration...
Remote code execution
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration...
CVE-2021-44077
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration...
CVE-2021-44077
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration. Recent assessments:...
PT-2021-6071
Name of the Vulnerable Software and Affected Versions Zoho ManageEngine ServiceDesk Plus versions prior to 11306 Zoho ManageEngine ServiceDesk Plus MSP versions prior to 10530 Zoho ManageEngine SupportCenter Plus versions prior to 11014 Description The issue is related to unauthenticated remote...
ZOHO ManageEngine SupportCenter Plus Cross-Site Scripting Vulnerability (CNVD-2018-19734)
ZOHO ManageEngine SupportCenter Plus is a suite of customer service support management software from ZOHO USA. The software provides help desk, customer management, service level management and tracking of customer requests. A cross-site scripting vulnerability exists in ZOHO ManageEngine...
CVE-2018-16965
In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter...
CVE-2018-16965
In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter...