CVE-2020-6843 – ZOHO ManageEngine ServiceDeskPlus 11.0 Build 11007 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-6843
Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959. Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 permite un ataque de cross-site scripting (XSS). Este problema se solucionó en la versión 11.0 Build 11010, SD-83959. ZOHO ManageEngine ServiceDeskPlus versions 11.0 Build 11007 and below suffer from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/156050/ZOHO-ManageEngine-ServiceDeskPlus-11.0-Build-11007-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2020/Jan/32 https://sec-consult.com/en/vulnerability-lab/advisories/index.html https://seclists.org/bugtraq/2020/Jan/34 https://www.manageengine.com/products/service-desk/readme.html#11010%20-%20SD-83959 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-15045 – Zoho Corporation ManageEngine ServiceDesk Plus Information Disclosure
https://notcve.org/view.php?id=CVE-2019-15045
AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality ** EN DISPUTA ** AjaxDomainServlet en Zoho ManageEngine ServiceDesk Plus versión 10 permite la enumeración de usuarios. NOTA: la posición del proveedor es que esta es la funcionalidad prevista. Zoho Corporation ManageEngine ServiceDesk Plus 10 versions prior to 10509 suffer from an information leakage vulnerability. • http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html http://seclists.org/fulldisclosure/2019/Aug/17 https://www.manageengine.com/products/service-desk/readme.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2019-15046 – Zoho Corporation ManageEngine ServiceDesk Plus Information Disclosure
https://notcve.org/view.php?id=CVE-2019-15046
Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989. Zoho ManageEngine ServiceDesk Plus 10 anteriores a la versión 10509, permite el filtrado de información confidencial no autenticada durante la replicación de Fail Over Service (FOS), también se conoce como SD-79989. Zoho Corporation ManageEngine ServiceDesk Plus 10 versions prior to 10509 suffer from an information leakage vulnerability. • http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html http://seclists.org/fulldisclosure/2019/Aug/17 https://seclists.org/bugtraq/2019/Aug/37 https://www.manageengine.com/products/service-desk/readme.html#10509 • CWE-287: Improper Authentication •
CVE-2019-12539
https://notcve.org/view.php?id=CVE-2019-12539
An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189. Se detectó un problema en el componente Purchase de ManageEngine ServiceDesk Plus de Zoho. Se presenta un problema de tipo XSS por medio del campo de búsqueda SearchN.do, una vulnerabilidad diferente a CVE-2019-12189. • https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine https://www.manageengine.com/products/service-desk/readme.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-12540
https://notcve.org/view.php?id=CVE-2019-12540
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field. Se detectó un problema en ManageEngine ServiceDesk Plus versión 10.5 de Zoho. Se presenta un problema de tipo XSS por medio del campo de búsqueda WorkOrder.do. • https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine https://www.manageengine.com/products/service-desk/readme.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •