Zohocorp - Servicedesk Plus CVE

Filtered by vendor Zohocorp Subscribe

Filtered by product Servicedesk Plus

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2016-4888	1 Zohocorp	1 Servicedesk Plus	2017-05-13	3.5 LOW	5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-4890	1 Zohocorp	1 Servicedesk Plus	2017-05-13	5.0 MEDIUM	5.3 MEDIUM
ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a cookie.

Vulnerabilities (CVE)