Zohocorp Manageengine_exchange_reporter_plus
28 CVEs affecting Zohocorp Manageengine_exchange_reporter_plus. Latest disclosed: 2026-04-03. Critical: 2, High: 22.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-24786 | Critical | 9.8 | 2020-08-31 | An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build n… |
CVE-2025-3835 | Critical | 9.6 | 2025-06-09 | Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module. |
CVE-2022-29457 | High | 8.8 | 2022-04-18 | Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certa… |
CVE-2024-9459 | High | 8.3 | 2024-11-05 | Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module. |
CVE-2024-6204 | High | 8.3 | 2024-08-30 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module. |
CVE-2024-38872 | High | 8.3 | 2024-07-26 | Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module. |
CVE-2024-38871 | High | 8.3 | 2024-07-26 | Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module. |
CVE-2024-21775 | High | 8.3 | 2024-02-16 | Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature. |
CVE-2025-5966 | High | 8.1 | 2025-06-26 | Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Attachments by filename keyword report. |
CVE-2025-5366 | High | 8.1 | 2025-06-26 | Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Folder-wise read mails with subject report. |
CVE-2023-35785 | High | 8.1 | 2023-08-28 | Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7… |
CVE-2023-22624 | High | 7.5 | 2023-01-17 | Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks. |
CVE-2026-27655 | High | 7.3 | 2026-04-03 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on Mailboxes report. |
CVE-2026-4108 | High | 7.3 | 2026-04-03 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Permission report. |
CVE-2026-4107 | High | 7.3 | 2026-04-03 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report. |
CVE-2026-3880 | High | 7.3 | 2026-04-03 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report. |
CVE-2026-3879 | High | 7.3 | 2026-04-03 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Equipment Mailbox Details report. |
CVE-2026-28703 | High | 7.3 | 2026-04-03 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Between Users report. |
CVE-2026-28756 | High | 7.3 | 2026-04-03 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report. |
CVE-2026-28754 | High | 7.3 | 2026-04-03 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Distribution Lists report. |