Page 4 of 22 results (0.009 seconds)

CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0

Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.) Zoho ManageEngine ServiceDesk Plus versiones anteriores a 13008, ServiceDesk Plus MSP versiones anteriores a 10606 y SupportCenter Plus versiones anteriores a 11022 están afectados por una vulnerabilidad de divulgación de archivos locales sin autenticación por medio del correo electrónico de creación de tickets. (Esto también afecta a Asset Explorer versiones anteriores a 6977 con autenticación) • https://www.manageengine.com/products/service-desk/cve-2022-35403.html •

CVSS: 5.4EPSS: 0%CPEs: 22EXPL: 1

Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history. Zoho ManageEngine SupportCenter Plus versiones anteriores a 11020, permite el almacenamiento de tipo XSS en el historial de peticiones • https://manageengine.com https://pitstop.manageengine.com/portal/en/community/topic/manageengine-supportcenter-plus-version-11-0-build-11020-released https://raxis.com/blog/cve-2022-25373 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor. Zoho ManageEngine SupportCenter Plus versiones anteriores a 11016, es vulnerable a un ataque de tipo SSRF en ActionExecutor • https://manageengine.com https://www.manageengine.com/products/support-center/readme.html#11016 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module. Zoho ManageEngine SupportCenter Plus versiones anteriores a 11016, es vulnerable a un ataque de tipo XSS Reflejado en el módulo Accounts • https://manageengine.com https://www.manageengine.com/products/support-center/readme.html#11016 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module. Zoho ManageEngine SupportCenter Plus versiones anteriores a 11016, es vulnerable a un ataque de tipo XSS Reflejado en el módulo Products • https://manageengine.com https://www.manageengine.com/products/support-center/readme.html#11016 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •