ManageEngine AssetExplorer vulnerabilities and exploits

9
CVSSv2
CVE-2014-5302

Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code....

9
CVSSv2
CVE-2014-5301

Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4....

Manageengine, Assetexplorer, It360, Servicedesk Plus, Supportcenter
4.3
CVSSv2
CVE-2019-12539

An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189....

Zohocorp, Manageengine Servicedesk Plus
4.3
CVSSv2
CVE-2019-12540

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field....

Zohocorp, Manageengine Servicedesk Plus
4.3
CVSSv2
CVE-2019-12595

An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter....

Zohocorp, Manageengine Assetexplorer
4.3
CVSSv2
CVE-2019-12596

An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do with the parameter swType or swComplianceType....

Zohocorp, Manageengine Assetexplorer
4.3
CVSSv2
CVE-2019-12597

An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via ResourcesAttachments.jsp with the parameter pageName....

Zohocorp, Manageengine Assetexplorer
4.3
CVSSv2
CVE-2019-12537

An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field....

Zohocorp, Manageengine Assetexplorer
4.3
CVSSv2
CVE-2018-17596

In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter....

4.3
CVSSv2
CVE-2012-5956

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the...