CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0CVE-2022-35403
https://notcve.org/view.php?id=CVE-2022-35403
12 Jul 2022 — Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.) Zoho ManageEngine ServiceDesk Plus versiones anteriores a 13008, ServiceDesk Plus MSP versiones anteriores a 10606 y SupportCenter Plus versiones anteriores a 11022 están afectados por una vulnerabilidad de divulgación de arch... • https://www.manageengine.com/products/service-desk/cve-2022-35403.html •
CVSS: 5.4EPSS: 0%CPEs: 22EXPL: 1CVE-2022-25373
https://notcve.org/view.php?id=CVE-2022-25373
05 Apr 2022 — Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history. Zoho ManageEngine SupportCenter Plus versiones anteriores a 11020, permite el almacenamiento de tipo XSS en el historial de peticiones • https://manageengine.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 97%CPEs: 72EXPL: 4CVE-2021-44077 – Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44077
29 Nov 2021 — Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration. Zoho ManageEngine ServiceDesk Plus versiones anteriores a 11306, ServiceDesk Plus MSP versiones anteriores a 10530, y SupportCenter Plus versiones anteriores a 11014, son vulnerables a una ejecución de código remota no autenticada. Esto ... • https://packetstorm.news/files/id/165400 • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16965 – ManageEngine SupportCenter Plus 8.1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-16965
19 Sep 2018 — In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter. En Zoho ManageEngine SupportCenter Plus en versiones anteriores a la 8.1 Build 8109, hay una inyección HTML y Cross-Site Scripting (XSS) persistente mediante el parámetro contractName en /ServiceContractDef.do. ManageEngine SupportCenter Plus version 8.1.0 suffers from cross site scripting and html injection vulnerabilities. • https://packetstorm.news/files/id/149438 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2015-5150 – ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-5150
30 Jun 2015 — Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct parameter to jsp/ResetADPwd.jsp, or (3) redirectTo parameter to jsp/CacheScreenWidth.jsp. Múltiples vulnerabilidades de XSS en Zoho ManageEngine SupportCenter Plus 7.90 permiten a usuarios remotos autenticados inyectar secuencias de coman... • https://www.exploit-db.com/exploits/37322 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 3CVE-2015-5149 – ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-5149
30 Jun 2015 — Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp. Vulnerabilidad de salto de directorio en Zoho ManageEngine SupportCenter Plus 7.90 permite a usuarios remotos autenticados escribir en ficheros arbitrarios a través de un .. (punto punto) en el parámetro component en el componente Request en workorder/Attachment.jsp. • https://www.exploit-db.com/exploits/37322 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •