Vulnerabilities (CVE)

Filtered by vendor Zohocorp Subscribe
Filtered by product Manageengine Opstor
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-2670 1 Zohocorp 1 Manageengine Opstor 2024-11-21 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter, a different vulnerability than CVE-2014-0344.
CVE-2014-0344 1 Zohocorp 1 Manageengine Opstor 2024-11-21 6.5 MEDIUM N/A
Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter.