← Back

Zoho

zoho

10 CVEs • 6 products

Products (6)

Click to collapse
Toggle
Salesiq
salesiq
4 CVEs
Zoho Campaigns
zoho_campaigns
2 CVEs
Zoho Books Accounting App
zoho_books_-_accounting_app
1 CVE
Lead Magnet
lead_magnet
1 CVE
Manageengine Remote Access Plus Server
manageengine_remote_access_plus_server
1 CVE
Marketing Automation
marketing_automation
1 CVE

CVEs (10)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-37225
1Zoho
1Marketing Automation
Nov 21, 2024
Jul 9, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Marketing Automation.This issue affects Zoho Marketing Automation: from n/a through 1.2.7.
CVE-2024-32442
1Zoho
1Zoho Campaigns
Apr 28, 2026
Apr 15, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Zoho Campaigns.This issue affects Zoho Campaigns: from n/a through 2.0.7.
CVE-2024-32441
1Zoho
1Zoho Campaigns
Apr 28, 2026
Apr 15, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Zoho Campaigns.This issue affects Zoho Campaigns: from n/a through 2.0.7.
CVE-2021-42956
1Zoho
1Manageengine Remote Access Plus Server
Nov 21, 2024
Nov 17, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged in user...Show more
Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged in user, so memory dump can be done by non-admin also. Remotely, an attacker can dump all sensitive information including DB Connection string, entire IT infrastructure details, commands executed by IT admin including credentials, secrets, private keys and more.Show less
CVE-2019-19306
1Zoho
1Lead Magnet
Nov 21, 2024
Nov 26, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via module, EditShortcode, or LayoutName.
CVE-2019-15645
1Zoho
1Salesiq
Nov 21, 2024
Aug 27, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF.
CVE-2019-15644
1Zoho
1Salesiq
Nov 21, 2024
Aug 27, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS.
CVE-2019-5963
1Zoho
1Salesiq
Nov 21, 2024
Jul 5, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2019-5962
1Zoho
1Salesiq
Nov 21, 2024
Jul 5, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-6686
1Zoho
1Zoho Books Accounting App
May 6, 2026
Sep 23, 2014
N/A· v4
N/A· v3
5.4 MEDIUM· v2
The Zoho Books - Accounting App (aka com.zoho.books) application 3.1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive infor...Show more
The Zoho Books - Accounting App (aka com.zoho.books) application 3.1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.Show less