Manageengine Exchange Reporter Plus
8 CVEs affecting Manageengine Exchange Reporter Plus. Latest disclosed: 2025-06-26. Critical: 1, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-3835 | Critical | 9.6 | 2025-06-09 | Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module. |
CVE-2024-9459 | High | 8.3 | 2024-11-05 | Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module. |
CVE-2024-6204 | High | 8.3 | 2024-08-30 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module. |
CVE-2024-38872 | High | 8.3 | 2024-07-26 | Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module. |
CVE-2024-38871 | High | 8.3 | 2024-07-26 | Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module. |
CVE-2024-21775 | High | 8.3 | 2024-02-16 | Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature. |
CVE-2025-5966 | High | 8.1 | 2025-06-26 | Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Attachments by filename keyword report. |
CVE-2025-5366 | High | 8.1 | 2025-06-26 | Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Folder-wise read mails with subject report. |