Page 66 of 458 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 92EXPL: 1

CVE-2018-20484 – Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2018-20484

Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation. Zoho ManageEngine ADSelfService Plus, en versiones 5.7 anteriores a la build 5702, tiene Cross-Site Scripting (XSS) en la implementación del diseño de autoactualización. Zoho ManageEngine ADSelfService Plus version 5.7 builds prior to 5702 suffer from multiple cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/46815 http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html https://www.manageengine.com/products/self-service-password/release-notes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 116EXPL: 1

CVE-2018-20485 – Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2018-20485

Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature. Zoho ManageEngine OpManager 5.7 antes de la build 5702 tiene Cross-Site Scripting (XSS) mediante la característica de búsqueda de empleados. Zoho ManageEngine ADSelfService Plus version 5.7 builds prior to 5702 suffer from multiple cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/46815 http://packetstormsecurity.com/files/152793/Zoho-ManageEngine-ADSelfService-Plus-5.7-Cross-Site-Scripting.html https://www.manageengine.com/products/self-service-password/release-notes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 152EXPL: 0

CVE-2018-20339 – Zoho ManageEngine OpManager 12.3 Alarms Cross Site Scripting

https://notcve.org/view.php?id=CVE-2018-20339

Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section. Zoho ManageEngine OpManager, en versiones 12.3 anteriores a la build 123239, permite Cross-Site Scripting (XSS) en la columna Notes de la sección Alarms. Zoho ManageEngine OpManager versions 12.3 before build 123239 suffers from a cross site scripting vulnerability in the Alarms section. • http://www.securityfocus.com/bid/106302 https://www.manageengine.com/network-monitoring/help/read-me.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 2%CPEs: 152EXPL: 0

CVE-2018-20338 – Zoho ManageEngine OpManager 12.3 Alarms SQL Injection

https://notcve.org/view.php?id=CVE-2018-20338

Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section. Zoho ManageEngine OpManager, en versiones 12.3 anteriores a la build 123239, permite una inyección SQL en la sección Alarms. Zoho ManageEngine OpManager versions 12.3 before build 123239 suffers from a remote SQL injection vulnerability in the Alarms section. • http://www.securityfocus.com/bid/106302 https://www.manageengine.com/network-monitoring/help/read-me.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 1%CPEs: 89EXPL: 0

CVE-2018-20173 – Zoho ManageEngine OpManager 12.3 SQL Injection

https://notcve.org/view.php?id=CVE-2018-20173

Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API. Zoho ManageEngine OpManager en versiones 12.3 anteriores a la 123238 permite una inyección SQL mediante la API getGraphData. Zoho ManageEngine OpManager versions 12.3 before 123238 suffer from a remote SQL injection vulnerability in the getGraphData API. • https://www.manageengine.com/network-monitoring/help/read-me.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •