tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine

tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine

Releases0

Stars1

Multiple cross-site scripting vulnerabilities in Zoho ManageEngine

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2019-12537 ↗	Jul 11, 2019Thursday, 11 July 2019, 14:15	6.1 MEDIUM	4.3 MEDIUM
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field.
CVE-2019-12539 ↗	Jul 11, 2019Thursday, 11 July 2019, 14:15	6.1 MEDIUM	4.3 MEDIUM
An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189.
CVE-2019-12540 ↗	Jul 11, 2019Thursday, 11 July 2019, 14:15	—	4.3 MEDIUM
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field.
CVE-2019-12595 ↗	Jul 11, 2019Thursday, 11 July 2019, 14:15	6.1 MEDIUM	4.3 MEDIUM
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter.
CVE-2019-12596 ↗	Jul 11, 2019Thursday, 11 July 2019, 14:15	6.1 MEDIUM	4.3 MEDIUM
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do with the parameter swType or swComplianceType.
CVE-2019-12597 ↗	Jul 11, 2019Thursday, 11 July 2019, 14:15	6.1 MEDIUM	4.3 MEDIUM
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via ResourcesAttachments.jsp with the parameter pageName.