CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50053 – Stored XSS
https://notcve.org/view.php?id=CVE-2024-50053
21 Mar 2025 — Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature. Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature. • https://www.manageengine.com/products/service-desk/CVE-2024-50053.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9459 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-9459
05 Nov 2024 — Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module. Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module. • https://www.manageengine.com/products/exchange-reports/advisory/CVE-2024-9459.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36485 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-36485
04 Nov 2024 — Zohocorp ManageEngine ADAudit Plus versions 8121 and prior are vulnerable to SQL Injection in Technician reports option. Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option. Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option. • https://www.manageengine.com/products/active-directory-audit/cve-2024-36485.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-48878 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-48878
04 Nov 2024 — Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report. Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report. • https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2024-48878.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5608 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-5608
24 Oct 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature. • https://www.manageengine.com/products/active-directory-audit/cve-2024-5608.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-24409 – Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-24409
07 Oct 2024 — Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option. Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option. ManageEngine ADManager Plus builds prior to 7210 suffers from a privilege escalation vulnerability. • https://github.com/passtheticket/CVE-2024-24409 • CWE-269: Improper Privilege Management •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6204 – SQL injection
https://notcve.org/view.php?id=CVE-2024-6204
30 Aug 2024 — Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module. Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module. • https://www.manageengine.com/products/exchange-reports/advisory/CVE-2024-6204.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-5546 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-5546
28 Aug 2024 — Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option. Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option. • https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2024-5546.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-41150 – Stored XSS
https://notcve.org/view.php?id=CVE-2024-41150
23 Aug 2024 — An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800. An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceD... • https://www.manageengine.com/products/service-desk/CVE-2024-41150.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5586 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-5586
23 Aug 2024 — Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option. Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option. • https://www.manageengine.com/products/active-directory-audit/cve-2024-5586.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •