Zohocorp Manageengine Exchange Reporter Plus vulnerabilities
28 known vulnerabilities affecting zohocorp/manageengine_exchange_reporter_plus.
Total CVEs
28
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH10MEDIUM16
Vulnerabilities
Page 1 of 2
CVE-2026-28703MEDIUMCVSS 4.8fixed in 5.8v5.8+1 more2026-04-03
CVE-2026-28703 [HIGH] CWE-79 CVE-2026-28703: Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Ma
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Between Users report.
cvelistv5nvd
CVE-2026-4107MEDIUMCVSS 5.4fixed in 5.8v5.8+1 more2026-04-03
CVE-2026-4107 [HIGH] CWE-79 CVE-2026-4107: Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Fo
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report.
cvelistv5nvd
CVE-2026-27655MEDIUMCVSS 4.8fixed in 5.8v5.8+1 more2026-04-03
CVE-2026-27655 [HIGH] CWE-79 CVE-2026-27655: Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Pe
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on Mailboxes report.
cvelistv5nvd
CVE-2026-28754MEDIUMCVSS 4.8fixed in 5.8v5.8+1 more2026-04-03
CVE-2026-28754 [HIGH] CWE-79 CVE-2026-28754: Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Di
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Distribution Lists report.
cvelistv5nvd
CVE-2026-28756MEDIUMCVSS 4.8fixed in 5.8v5.8+1 more2026-04-03
CVE-2026-28756 [HIGH] CWE-79 CVE-2026-28756: Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Pe
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report.
cvelistv5nvd
CVE-2026-4108MEDIUMCVSS 4.8fixed in 5.8v5.8+1 more2026-04-03
CVE-2026-4108 [HIGH] CWE-79 CVE-2026-4108: Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in No
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Permission report.
cvelistv5nvd
CVE-2026-3880MEDIUMCVSS 4.8fixed in 5.8v5.8+1 more2026-04-03
CVE-2026-3880 [HIGH] CWE-79 CVE-2026-3880: Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Pu
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report.
cvelistv5nvd
CVE-2026-3879MEDIUMCVSS 4.8fixed in 5.8v5.8+1 more2026-04-03
CVE-2026-3879 [HIGH] CWE-79 CVE-2026-3879: Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Eq
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Equipment Mailbox Details report.
cvelistv5nvd
CVE-2025-7632MEDIUMCVSS 5.4≤ 5.6v5.7+1 more2025-11-11
CVE-2025-7632 [HIGH] CWE-79 CVE-2025-7632: Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XS
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report.
cvelistv5nvd
CVE-2025-7633MEDIUMCVSS 6.1≤ 5.6v5.7+1 more2025-11-11
CVE-2025-7633 [HIGH] CWE-79 CVE-2025-7633: Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XS
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report.
cvelistv5nvd
CVE-2025-7429MEDIUMCVSS 5.4≤ 5.6v5.7+1 more2025-11-11
CVE-2025-7429 [HIGH] CWE-79 CVE-2025-7429: Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XS
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Mails Deleted or Moved report.
cvelistv5nvd
CVE-2025-7430MEDIUMCVSS 5.4≤ 5.6v5.7+1 more2025-11-11
CVE-2025-7430 [HIGH] CWE-79 CVE-2025-7430: Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XS
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Folder Message Count and Size report.
cvelistv5nvd
CVE-2025-5347MEDIUMCVSS 5.4fixed in 5.7v5.7+1 more2025-10-30
CVE-2025-5347 [MEDIUM] CWE-79 CVE-2025-5347: Zohocorp ManageEngine Exchange Reporter Plus versions before 5723 are vulnerable to Stored Cross Sit
Zohocorp ManageEngine Exchange Reporter Plus versions before 5723 are vulnerable to Stored Cross Site Scripting in the reports module.
cvelistv5nvd
CVE-2025-5343MEDIUMCVSS 5.4fixed in 5.7v5.7+1 more2025-10-30
CVE-2025-5343 [MEDIUM] CWE-79 CVE-2025-5343: Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to Stored Cross Si
Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to Stored Cross Site Scripting in the Instant Search option.
cvelistv5nvd
CVE-2025-5342MEDIUMCVSS 6.5fixed in 5.7v5.7+1 more2025-10-30
CVE-2025-5342 [MEDIUM] CWE-400 CVE-2025-5342: Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability in t
Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability in the search module.
cvelistv5nvd
CVE-2025-5366HIGHCVSS 8.1fixed in 5.7v5.72025-06-26
CVE-2025-5366 [HIGH] CWE-79 CVE-2025-5366: Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in
Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Folder-wise read mails with subject report.
nvd
CVE-2025-5966HIGHCVSS 8.1fixed in 5.7v5.72025-06-26
CVE-2025-5966 [HIGH] CWE-79 CVE-2025-5966: Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in
Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Attachments by filename keyword report.
nvd
CVE-2025-3835CRITICALCVSS 9.6fixed in 5.7v5.72025-06-09
CVE-2025-3835 [CRITICAL] CWE-434 CVE-2025-3835: Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code e
Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module.
nvd
CVE-2024-9459HIGHCVSS 8.8fixed in 5.7v5.72024-11-05
CVE-2024-9459 [HIGH] CWE-89 CVE-2024-9459: Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated
Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module.
nvd
CVE-2024-6204HIGHCVSS 8.1fixed in 5.7v5.72024-08-30
CVE-2024-6204 [HIGH] CWE-89 CVE-2024-6204: Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in
Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module.
nvd
1 / 2Next →