Lucene search
K

161 matches found

OSV
OSV
added 2021/11/30 7:15 p.m.4 views

CVE-2021-43295

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module...

6.1CVSS5.8AI score0.02745EPSS
Exploits0References2
NVD
NVD
added 2021/11/30 7:15 p.m.21 views

CVE-2021-43295

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module...

6.1CVSS0.02745EPSS
Exploits0References2
NVD
NVD
added 2021/11/30 7:15 p.m.22 views

CVE-2021-43294

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module...

6.1CVSS0.00986EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/11/30 7:15 p.m.2 views

CVE-2021-43294

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module...

6.1CVSS6.4AI score0.00986EPSS
Exploits0References3
Prion
Prion
added 2021/11/30 7:15 p.m.13 views

Design/Logic Flaw

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module...

4.3CVSS5.9AI score0.00986EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/11/30 7:15 p.m.19 views

Cross site scripting

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module...

4.3CVSS5.9AI score0.02745EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/11/30 7:15 p.m.16 views

Server side request forgery (ssrf)

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor...

5CVSS7.5AI score0.02617EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/11/30 6:40 p.m.48 views

CVE-2021-43296

Affects: Zoho ManageEngine SupportCenter Plus, prior to version 11016. Issue: server-side request forgery (SSRF) in ActionExecutor caused by inadequate authentication of the user identity. Impact: information exposure risk as described across sources; CVSS details show potential confidentiality i...

7.5CVSS7.4AI score0.02617EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/11/30 6:39 p.m.25 views

CVE-2021-43295

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module...

6.1AI score0.02745EPSS
Exploits0References2
CVE
CVE
added 2021/11/30 6:39 p.m.52 views

CVE-2021-43295

Zoho ManageEngine SupportCenter Plus is affected by CVE-2021-43295: versions prior to 11016 are vulnerable to Reflected XSS in the Accounts module. The vulnerability is caused by improper handling of user-supplied input, enabling an attacker to inject scripts that could be reflected and executed ...

6.1CVSS5.9AI score0.02745EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/11/30 6:38 p.m.50 views

CVE-2021-43294

The CVE-2021-43294 entry concerns Zoho ManageEngine SupportCenter Plus prior to 11016, with a Reflected XSS vulnerability in the Products module. Public sources (NVD, CNVD/CNNVD) confirm existence of a cross-site scripting flaw that could enable theft of cookie-based credentials, indicating an at...

6.1CVSS5.9AI score0.00986EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/11/30 12:0 a.m.5 views

Zoho ManageEngine SupportCenter Plus 跨站脚本漏洞

ZOHO ManageEngine SupportCenter Plus is a web-based customer support software from ZOHO, Inc. A cross-site scripting vulnerability exists in ZOHO ManageEngine SupportCenter Plus, which stems from the product's failure to validate user identities and could be exploited by attackers to obtain a...

6.1CVSS5.9AI score0.02745EPSS
Exploits0References4
OSV
OSV
added 2021/11/29 4:15 a.m.7 views

CVE-2021-44077

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration...

9.8CVSS7.6AI score0.93514EPSS
Exploits6References6
Prion
Prion
added 2021/11/29 4:15 a.m.44 views

Remote code execution

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration...

7.5CVSS9.7AI score0.93514EPSS
Exploits6References5Affected Software3
Cvelist
Cvelist
added 2021/11/29 3:17 a.m.35 views

CVE-2021-44077

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration...

10AI score0.93514EPSS
Exploits6References5
ATTACKERKB
ATTACKERKB
added 2021/11/29 12:0 a.m.48 views

CVE-2021-44077

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration. Recent assessments:...

9.8CVSS9.8AI score0.93514EPSS
In wildExploits6References6
Positive Technologies
Positive Technologies
added 2021/11/28 12:0 a.m.5 views

PT-2021-6071

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine ServiceDesk Plus versions prior to 11306 Zoho ManageEngine ServiceDesk Plus MSP versions prior to 10530 Zoho ManageEngine SupportCenter Plus versions prior to 11014 Description The issue is related to unauthenticated remote...

10CVSS10AI score0.93514EPSS
Exploits6References31
CNVD
CNVD
added 2018/09/25 12:0 a.m.6 views

ZOHO ManageEngine SupportCenter Plus Cross-Site Scripting Vulnerability (CNVD-2018-19734)

ZOHO ManageEngine SupportCenter Plus is a suite of customer service support management software from ZOHO USA. The software provides help desk, customer management, service level management and tracking of customer requests. A cross-site scripting vulnerability exists in ZOHO ManageEngine...

6.1CVSS6AI score0.02549EPSS
Exploits2References1
OSV
OSV
added 2018/09/21 5:29 p.m.5 views

CVE-2018-16965

In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter...

6.1CVSS5.8AI score0.02549EPSS
Exploits2References2
Cvelist
Cvelist
added 2018/09/21 5:0 p.m.20 views

CVE-2018-16965

In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter...

6.1AI score0.02549EPSS
Exploits2References2
Rows per page
Query Builder