cvebase

Zohocorp Manageengine Servicedesk Plus vulnerabilities

50 known vulnerabilities affecting zohocorp/manageengine_servicedesk_plus.

Total CVEs: 50
CISA KEV: 4 (actively exploited)
Public exploits: 12
Exploited in wild: 4
Severity breakdown: CRITICAL 5, HIGH 11, MEDIUM 33, LOW 1

Vulnerabilities

Page 3 of 3
CVE-2023-23077 | P4 | MEDIUM | CVSS 6.1 | v13.0 | 2023-02-01
CVE-2023-23077 [MEDIUM] CWE-79: Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment.
nvd
CVE-2024-41150 | P4 | MEDIUM | CVSS 6.1 | ≤ 14.7 | v14.8 | 2024-08-23
CVE-2024-41150 [MEDIUM] CWE-79: A stored cross-site scripting vulnerability in the request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus. This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800.
nvd
CVE-2023-6105 | P4 | MEDIUM | CVSS 5.5 | fixed in 14.3 | v14.3 | 2023-11-15
CVE-2023-6105 [MEDIUM] CWE-200: An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine pr
nvd
CVE-2023-23073 | P4 | MEDIUM | CVSS 6.1 | v14.0 | 2023-02-01
CVE-2023-23073 [MEDIUM] CWE-79: Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component.
nvd
CVE-2023-23078 | P4 | MEDIUM | CVSS 6.1 | v14.0 | 2023-02-01
CVE-2023-23078 [MEDIUM] CWE-79: Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets.
nvd
CVE-2019-12540 | P4 | MEDIUM | CVSS 6.1 | v10.5 | 2019-07-11
CVE-2019-12540 [MEDIUM] CWE-79: An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field.
nvd
CVE-2022-25245 | P4 | MEDIUM | CVSS 5.3 | ≤ 12.0 | v13.0 | 2022-04-05
CVE-2022-25245 [MEDIUM] CWE-306: Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name.
nvd
CVE-2024-50053 | P4 | MEDIUM | CVSS 5.4 | fixed in 14.9 | v14.9 | 2025-03-21
CVE-2024-50053 [MEDIUM] CWE-79: Zohocorp ManageEngine ServiceDesk Plus versions below 14920, ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature.
nvd
CVE-2020-6843 | P4 | MEDIUM | CVSS 4.8 | ≤ 11.0 | 2020-01-23
CVE-2020-6843 [MEDIUM] CWE-79: Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.
nvd
CVE-2024-27314 | P4 | LOW | CVSS 2.4 | ≤ 14.6 | v14.7 | 2024-05-27
CVE-2024-27314 [LOW] CWE-79: Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users.
nvd