Manageengine Admanager Plus vulnerabilities

CVE-2024-24409 [HIGH] CWE-269 CVE-2024-24409: Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option.

CVE-2024-48878 [HIGH] CWE-89 CVE-2024-48878: Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Arch Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report.

CVE-2018-15608 [MEDIUM] CWE-79 CVE-2018-15608: Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Techn Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen.

CVE-2012-1049 [MEDIUM] CWE-79 CVE-2012-1049: Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ADManager Plus 5.2 Build 5210 al Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ADManager Plus 5.2 Build 5210 allow remote attackers to inject arbitrary web script or HTML via the (1) domainName parameter to jsp/AddDC.jsp or (2) operation parameter to DomainConfig.do.