72 matches found
CVE-2021-40174
Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings...
CVE-2021-40175
Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution...
CVE-2021-40176
Zoho ManageEngine Log360 before Build 5225 allows stored XSS...
CVE-2021-40172
Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings...
CVE-2021-40178
Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGOPATH key value in the logon settings...
Cross site scripting
Zoho ManageEngine Log360 before Build 5225 allows stored XSS...
CVE-2021-40174
Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings...
Cross site scripting
Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGOPATH key value in the logon settings...
Unrestricted file upload
Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution...
Design/Logic Flaw
Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite...
Cross site request forgery (csrf)
Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings...
Cross site request forgery (csrf)
Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings...
CVE-2021-40172
Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings...
CVE-2021-40172
Zoho ManageEngine Log360 is vulnerable to a CSRF on proxy settings in builds prior to 5219. The CVE-2021-40172 entry documents a cross-site request forgery issue affecting the proxy configuration functionality, with published references indicating that updating to Build 5219 or later mitigates th...
CVE-2021-40174
Zoho ManageEngine Log360 is affected by a CSRF vulnerability prior to Build 5224. The issue stems from insufficient validation of requests from trusted users, allowing an attacker to disable logon security settings. Reported CVSS scores indicate high impact (CVSS 3.1: base score 8.8, vector CVSS:...
CVE-2021-40175
CVE-2021-40175 affects Zoho ManageEngine Log360 prior to Build 5219, where unrestricted file upload enables remote code execution. The incident is documented across multiple sources tying the vulnerability to the Log360 web upload mechanism and the Build 5219 fix. Affected component: Log360 uploa...
CVE-2021-40175
Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution...
CVE-2021-40176
CVE-2021-40176 affects Zoho ManageEngine Log360 prior to Build 5225, with a stored XSS vulnerability caused by insufficient input validation in the web interface. Exploitation could lead to execution of client-side code within authenticated sessions on affected instances. Public references indica...
CVE-2021-40176
Zoho ManageEngine Log360 before Build 5225 allows stored XSS...
CVE-2021-40177
Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite...