Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Zohocorp Subscribe
Filtered by product Manageengine Opstor
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-2670 1 Zohocorp 1 Manageengine Opstor 2015-07-24 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter, a different vulnerability than CVE-2014-0344.
CVE-2014-0344 1 Zohocorp 1 Manageengine Opstor 2015-07-24 6.5 MEDIUM N/A
Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter.