Zohocorp Manageengine Recovery Manager Plus vulnerabilities
2 known vulnerabilities affecting zohocorp/manageengine_recovery_manager_plus.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2026-11374P3CRITICALCVSS 9.0fixed in 63212026-06-23
CVE-2026-11374 [CRITICAL] CWE-287 CVE-2026-11374: In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the S
In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted
by an unauthenticated user, leading to account takeover.
nvd
CVE-2018-9163P4MEDIUMCVSS 5.4PoCfixed in 5.32018-04-02
CVE-2018-9163 [MEDIUM] CWE-79 CVE-2018-9163: A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before
A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.
nvd