Zohocorp Manageengine Assetexplorer vulnerabilities
26 known vulnerabilities affecting zohocorp/manageengine_assetexplorer.
Total CVEs
26
CISA KEV
1
actively exploited
Public exploits
2
Exploited in wild
1
Severity breakdown
CRITICAL3HIGH8MEDIUM14LOW1
Vulnerabilities
Page 2 of 2
CVE-2023-6105P4MEDIUMCVSS 5.5fixed in 7.0v7.02023-11-15
CVE-2023-6105 [MEDIUM] CWE-200 CVE-2023-6105: An information disclosure vulnerability exists in multiple ManageEngine products that can result in
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine pr
nvd
CVE-2018-17596P4MEDIUMCVSS 6.1v6.2.02018-10-02
CVE-2018-17596 [MEDIUM] CWE-79 CVE-2018-17596: In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version v
In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter.
nvd
CVE-2019-12537P4MEDIUMCVSS 6.1v6.52019-07-11
CVE-2019-12537 [MEDIUM] CWE-79 CVE-2019-12537: An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search f
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field.
nvd
CVE-2023-23075P4MEDIUMCVSS 6.1v6.92023-02-01
CVE-2023-23075 [MEDIUM] CWE-79 CVE-2023-23075: Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when cre
Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation.
nvd
CVE-2012-5956P4MEDIUMCVSS 4.3≤ 5.62012-12-11
CVE-2012-5956 [MEDIUM] CWE-79 CVE-2012-5956: Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the DocRoot/Computer_Information/output element.
nvd
CVE-2015-5061P4LOWCVSS 3.5v6.12015-06-24
CVE-2015-5061 [LOW] CWE-79 CVE-2015-5061: Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 an
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter to VendorDef.do.
nvd
← Previous2 / 2