Zohocorp Manageengine Exchange Reporter Plus — known CVE vulnerabilities
Every CVE whose affected-product data names Zohocorp Manageengine Exchange Reporter Plus, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (28)
CVE-2020-24786 — CVSS 9.8 (critical): An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService…
CVE-2025-3835 — CVSS 9.6 (critical): Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module.
CVE-2022-29457 — CVSS 8.8 (high): Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash…
CVE-2024-38871 — CVSS 8.3 (high): Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports…
CVE-2024-6204 — CVSS 8.3 (high): Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module.
CVE-2024-38872 — CVSS 8.3 (high): Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring…
CVE-2024-9459 — CVSS 8.3 (high): Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module.
CVE-2024-21775 — CVSS 8.3 (high): Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting…
CVE-2025-5366 — CVSS 8.1 (high): Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Folder-wise read mails with subject…
CVE-2023-35785 — CVSS 8.1 (high): Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer…
CVE-2025-5966 — CVSS 8.1 (high): Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Attachments by filename keyword…
CVE-2026-3880 — CVSS 7.3 (high): Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report.
CVE-2026-3879 — CVSS 7.3 (high): Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Equipment Mailbox Details report.
CVE-2026-4107 — CVSS 7.3 (high): Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report.
CVE-2026-4108 — CVSS 7.3 (high): Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Permission report.
CVE-2025-7429 — CVSS 7.3 (high): Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Mails Deleted or…
CVE-2025-7430 — CVSS 7.3 (high): Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Folder Message…
CVE-2025-7632 — CVSS 7.3 (high): Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders…
CVE-2025-7633 — CVSS 7.3 (high): Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report.
CVE-2026-27655 — CVSS 7.3 (high): Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on Mailboxes report.
CVE-2026-28703 — CVSS 7.3 (high): Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Between Users report.
CVE-2026-28754 — CVSS 7.3 (high): Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Distribution Lists report.
CVE-2026-28756 — CVSS 7.3 (high): Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups…
CVE-2025-5347 — CVSS 6.3 (medium): Zohocorp ManageEngine Exchange Reporter Plus versions before 5723 are vulnerable to Stored Cross Site Scripting in the reports module.
CVE-2025-5343 — CVSS 6.3 (medium): Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to Stored Cross Site Scripting in the Instant Search…
CVE-2023-6105 — CVSS 5.5 (medium): An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A…
CVE-2025-5342 — CVSS 4.3 (medium): Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability in the search module.