Manageengine Exchange Reporter Plus vulnerabilities
8 known vulnerabilities affecting manageengine/exchange_reporter_plus.
Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH7
Vulnerabilities
Page 1 of 1
CVE-2025-5366HIGHCVSS 8.1≤ 57222025-06-26
CVE-2025-5366 [HIGH] CWE-79 CVE-2025-5366: Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in
Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Folder-wise read mails with subject report.
cvelistv5nvd
CVE-2025-5966HIGHCVSS 8.1≤ 57222025-06-26
CVE-2025-5966 [HIGH] CWE-79 CVE-2025-5966: Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in
Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Attachments by filename keyword report.
cvelistv5nvd
CVE-2025-3835CRITICALCVSS 9.6fixed in 57222025-06-09
CVE-2025-3835 [CRITICAL] CWE-434 CVE-2025-3835: Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code e
Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module.
cvelistv5nvd
CVE-2024-9459HIGHCVSS 8.8fixed in 57192024-11-05
CVE-2024-9459 [HIGH] CWE-89 CVE-2024-9459: Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated
Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module.
cvelistv5nvd
CVE-2024-6204HIGHCVSS 8.1fixed in 57152024-08-30
CVE-2024-6204 [HIGH] CWE-89 CVE-2024-6204: Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in
Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module.
cvelistv5nvd
CVE-2024-38872HIGHCVSS 8.8fixed in 57172024-07-26
CVE-2024-38872 [HIGH] CWE-89 CVE-2024-38872: Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authentic
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module.
cvelistv5nvd
CVE-2024-38871HIGHCVSS 8.8fixed in 57172024-07-26
CVE-2024-38871 [HIGH] CWE-89 CVE-2024-38871: Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authentic
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module.
cvelistv5nvd
CVE-2024-21775HIGHCVSS 8.8fixed in 57142024-02-16
CVE-2024-21775 [HIGH] CWE-89 CVE-2024-21775: Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated
Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature.
cvelistv5nvd