cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-5466,https://securityvulnerability.io/vulnerability/CVE-2024-5466,ManageEngine OpManager Vulnerable to Remote Code Execution,"ZohoCorp's ManageEngine OpManager and Remote Monitoring and Management are affected by an authenticated remote code execution vulnerability. This flaw, present in versions 128329 and below, allows attackers to exploit the deploy agent option, potentially leading to unauthorized execution of malicious code within the system. Users of these products should prioritize reviewing their configurations and applying necessary updates to mitigate associated risks.",Manageengine,"Opmanager, Remote Monitoring And Management",8.8,HIGH,0.0027199999894946814,false,false,false,false,,false,false,2024-08-23T13:23:22.144Z,0
CVE-2024-38870,https://securityvulnerability.io/vulnerability/CVE-2024-38870,ManageEngine OpManager vulnerable to Stored XSS vulnerability,"Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition versions before 128104, from 128151 before 128238, from 128247 before 128250 are vulnerable to Stored XSS vulnerability in reports module.",Manageengine,"Opmanager, Opmanager Plus, Opmanager Msp, Opmanager Enterprise Edition",3.5,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-07-17T16:48:58.815Z,0
CVE-2024-36038,https://securityvulnerability.io/vulnerability/CVE-2024-36038,Zoho ManageEngine ITOM Proxy Server Cross-Site Scripting Vulnerability,"Zoho ManageEngine ITOM products from version 128234 to 128248 are susceptible to a stored cross-site scripting vulnerability in the proxy server option. This vulnerability allows attackers to inject malicious scripts that are stored on the server and executed in the context of users accessing the affected ITOM services. Exploitation of this vulnerability may lead to unauthorized access, data manipulation, and a potential compromise of user credentials, thus posing significant security risks to organizations utilizing these products.",Manageengine,Opmanager,6.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-06-24T11:45:11.075Z,0
CVE-2022-43473,https://securityvulnerability.io/vulnerability/CVE-2022-43473,,"A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve 
a malicious XML payload to trigger this vulnerability.",Manageengine,Opmanager,5.8,MEDIUM,0.0032399999909102917,false,false,false,false,,false,false,2023-03-30T16:28:35.983Z,0
CVE-2020-19554,https://securityvulnerability.io/vulnerability/CVE-2020-19554,,Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload.,Manageengine,Opmanager,6.1,MEDIUM,0.0010900000343099236,false,false,false,false,,false,false,2021-09-21T19:07:47.000Z,0
CVE-2007-5891,https://securityvulnerability.io/vulnerability/CVE-2007-5891,,"Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ManageEngine OpManager MSP Edition and OpManager 7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) requestid, (2) fileid, (3) woMode, and (2) woID parameters.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.",Manageengine,"Opmanager,Opmanager Msp",,,0.002300000051036477,false,false,false,false,,false,false,2007-11-08T02:00:00.000Z,0