CVSS: 6.1EPSS: 0%CPEs: 152EXPL: 0CVE-2018-20339 – Zoho ManageEngine OpManager 12.3 Alarms Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-20339
Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section. Zoho ManageEngine OpManager, en versiones 12.3 anteriores a la build 123239, permite Cross-Site Scripting (XSS) en la columna Notes de la sección Alarms. Zoho ManageEngine OpManager versions 12.3 before build 123239 suffers from a cross site scripting vulnerability in the Alarms section. • http://www.securityfocus.com/bid/106302 https://www.manageengine.com/network-monitoring/help/read-me.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 152EXPL: 0CVE-2018-20338 – Zoho ManageEngine OpManager 12.3 Alarms SQL Injection
https://notcve.org/view.php?id=CVE-2018-20338
Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section. Zoho ManageEngine OpManager, en versiones 12.3 anteriores a la build 123239, permite una inyección SQL en la sección Alarms. Zoho ManageEngine OpManager versions 12.3 before build 123239 suffers from a remote SQL injection vulnerability in the Alarms section. • http://www.securityfocus.com/bid/106302 https://www.manageengine.com/network-monitoring/help/read-me.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 1%CPEs: 89EXPL: 0CVE-2018-20173 – Zoho ManageEngine OpManager 12.3 SQL Injection
https://notcve.org/view.php?id=CVE-2018-20173
Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API. Zoho ManageEngine OpManager en versiones 12.3 anteriores a la 123238 permite una inyección SQL mediante la API getGraphData. Zoho ManageEngine OpManager versions 12.3 before 123238 suffer from a remote SQL injection vulnerability in the getGraphData API. • https://www.manageengine.com/network-monitoring/help/read-me.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 160EXPL: 0CVE-2018-19921 – Zoho ManageEngine OpManager 12.3 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-19921
Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller. Zoho ManageEngine OpManager 12.3 antes de 123237 tiene Cross-Site Scripting (XSS) en el controlador del dominio. Zoho ManageEngine OpManager version 12.3 prior to build 123237 has a cross site scripting vulnerability in the domainController API. • https://www.manageengine.com/network-monitoring/help/read-me.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 154EXPL: 0CVE-2018-19288
https://notcve.org/view.php?id=CVE-2018-19288
Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API. Zoho ManageEngine OpManager 12.3 antes de la build 123223 tiene Cross-Site Scripting (XSS) mediante la API updateWidget. • http://www.securityfocus.com/bid/105960 https://www.manageengine.com/network-monitoring/help/read-me.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •