Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-2670 | 1 Zohocorp | 1 Manageengine Opstor | 2015-07-24 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter, a different vulnerability than CVE-2014-0344. | |||||
CVE-2014-0344 | 1 Zohocorp | 1 Manageengine Opstor | 2015-07-24 | 6.5 MEDIUM | N/A |
Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter. |