Zohocorp Manageengine Assetexplorer vulnerabilities

26 known vulnerabilities affecting zohocorp/manageengine_assetexplorer.

Total CVEs
26
CISA KEV
1
actively exploited
Public exploits
2
Exploited in wild
1
Severity breakdown
CRITICAL3HIGH8MEDIUM14LOW1

Vulnerabilities

Page 2 of 2
CVE-2019-12537MEDIUMCVSS 6.1v6.52019-07-11
CVE-2019-12537 [MEDIUM] CWE-79 CVE-2019-12537: An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search f An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field.
nvd
CVE-2019-12595MEDIUMCVSS 6.1v6.52019-07-11
CVE-2019-12595 [MEDIUM] CWE-79 CVE-2019-12595: An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsNa An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter.
nvd
CVE-2018-17596MEDIUMCVSS 6.1v6.2.02018-10-02
CVE-2018-17596 [MEDIUM] CWE-79 CVE-2018-17596: In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version v In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter.
nvd
CVE-2015-2169MEDIUMCVSS 4.3PoCv6.12015-06-24
CVE-2015-2169 [MEDIUM] CWE-79 CVE-2015-2169: Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 al Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which is not properly handled when the machine is scanned.
nvd
CVE-2015-5061LOWCVSS 3.5v6.12015-06-24
CVE-2015-5061 [LOW] CWE-79 CVE-2015-5061: Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 an Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter to VendorDef.do.
nvd
CVE-2012-5956MEDIUMCVSS 4.3≤ 5.62012-12-11
CVE-2012-5956 [MEDIUM] CWE-79 CVE-2012-5956: Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the DocRoot/Computer_Information/output element.
nvd
← Previous2 / 2