VYPR

ManageEngine SupportCenter Plus

by Zoho

CVEs (4)

  • CVE-2018-16965 | Med | Sep 21, 2018
    risk 0.40 | cvss 6.1 | epss 0.03

    In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter.

  • CVE-2015-5149 | Jun 30, 2015
    risk 0.04 | cvss | epss 0.10

    Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp.

  • CVE-2015-5150 | Jun 30, 2015
    risk 0.03 | cvss | epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct…

  • CVE-2015-0866 | Feb 2, 2015
    risk 0.00 | cvss | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.9 before hotfix 7941 allow remote attackers to inject arbitrary web script or HTML via the (1) fromCustomer, (2) username, or (3) password parameter to HomePage.do.