CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50053 – Stored XSS
https://notcve.org/view.php?id=CVE-2024-50053
21 Mar 2025 — Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature. Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature. • https://www.manageengine.com/products/service-desk/CVE-2024-50053.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-41150 – Stored XSS
https://notcve.org/view.php?id=CVE-2024-41150
23 Aug 2024 — An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800. An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceD... • https://www.manageengine.com/products/service-desk/CVE-2024-41150.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 7%CPEs: 5EXPL: 0CVE-2023-49943
https://notcve.org/view.php?id=CVE-2023-49943
18 Jan 2024 — Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet. Zoho ManageEngine ServiceDesk Plus MSP anterior a 14504 permite almacenar XSS (por parte de un técnico con pocos privilegios) a través del nombre de una tarea en una hoja de horas. • https://manageengine.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 788EXPL: 1CVE-2023-6105 – ManageEngine Information Disclosure in Multiple Products
https://notcve.org/view.php?id=CVE-2023-6105
15 Nov 2023 — An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database. Existe una vulnerabilidad de divulgación de información en varios productos ManageEngine que puede provocar la exposición de claves de cifrado... • https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 9%CPEs: 235EXPL: 0CVE-2023-35785
https://notcve.org/view.php?id=CVE-2023-35785
28 Aug 2023 — Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and bel... • https://manageengine.com • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-34197
https://notcve.org/view.php?id=CVE-2023-34197
07 Jul 2023 — Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications. • https://www.manageengine.com/products/service-desk/CVE-2023-34197.html • CWE-863: Incorrect Authorization •
CVSS: 6.1EPSS: 4%CPEs: 22EXPL: 0CVE-2023-29443
https://notcve.org/view.php?id=CVE-2023-29443
26 Apr 2023 — Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint. • https://www.manageengine.com/products/service-desk/CVE-2023-29443.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 0%CPEs: 80EXPL: 0CVE-2023-26600 – ManageEngine ServiceDesk Plus MSP generateSQLReport Improper Input Validation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-26600
06 Mar 2023 — ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports. This vulnerability allows remote attackers to escalate privileges on affected installations of ManageEngine ServiceDesk Plus MSP. Authentication is required to exploit this vulnerability. The specific flaw exists within the generateSQLReport function. The issue results from the lack of proper validation of user-suppl... • https://manageengine.com • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 77%CPEs: 48EXPL: 0CVE-2023-26601 – ManageEngine ServiceDesk Plus ImageUploadServlet Improper Input Validation Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-26601
06 Mar 2023 — Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS). This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ManageEngine ServiceDesk Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the ImageUploadServlet. The issue results from the lack of proper input validation. An attacker c... • https://manageengine.com • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.4EPSS: 23%CPEs: 8EXPL: 0CVE-2023-23073
https://notcve.org/view.php?id=CVE-2023-23073
01 Feb 2023 — Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component. • https://bugbounty.zohocorp.com/bb/#/bug/101000006459171?tab=originator • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •