Zoho Corp Manageengine Exchange Reporter Plus
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Zoho Corp Manageengine Exchange Reporter Plus.
By the Year
In 2026 there have been 8 vulnerabilities in Zoho Corp Manageengine Exchange Reporter Plus with an average score of 7.3 out of ten. Last year, in 2025 Manageengine Exchange Reporter Plus had 8 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Manageengine Exchange Reporter Plus in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.71.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 8 | 7.30 |
| 2025 | 8 | 6.59 |
| 2024 | 5 | 8.66 |
| 2023 | 3 | 7.03 |
| 2022 | 1 | 8.80 |
It may take a day or so for new Manageengine Exchange Reporter Plus vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Zoho Corp Manageengine Exchange Reporter Plus Security Vulnerabilities
Stored XSS in Permissions Based on Mailboxes report in MEER Plus
CVE-2026-27655
7.3 - High
- April 03, 2026
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on Mailboxes report.
XSS
Stored XSS in Mailbox Permission Report Exchange Reporter Plus < 5802
CVE-2026-4108
7.3 - High
- April 03, 2026
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Permission report.
XSS
Stored XSS in ManageEngine Exchange Reporter Plus Folder Report
CVE-2026-4107
7.3 - High
- April 03, 2026
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report.
XSS
ManageEngine ERP Stored XSS via Public Folder Client Permissions
CVE-2026-3880
7.3 - High
- April 03, 2026
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report.
XSS
ManageEngine Exchange Reporter Plus Stored XSS in Equipment Mailbox Details
CVE-2026-3879
7.3 - High
- April 03, 2026
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Equipment Mailbox Details report.
XSS
ManageEngine ER+ Stored XSS in Mails Exchanged Report (v<5802)
CVE-2026-28703
7.3 - High
- April 03, 2026
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Between Users report.
XSS
StoreXSS in Zohocorp ManageEngine ER report for Distribution Groups
CVE-2026-28756
7.3 - High
- April 03, 2026
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report.
XSS
Zohocorp ManageEngine ERP Stored XSS in Distribution Lists
CVE-2026-28754
7.3 - High
- April 03, 2026
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Distribution Lists report.
XSS
ManageEngine Exchange Reporter Plus Stored XSS via Custom Report
CVE-2025-7633
7.3 - High
- November 11, 2025
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report.
XSS
Zohocorp ManageEngine Exchange Reporter Plus Stored XSS in Public Folders
CVE-2025-7632
7.3 - High
- November 11, 2025
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report.
XSS
ManageEngine ERP XSS via Folder Message Count/Size Report
CVE-2025-7430
7.3 - High
- November 11, 2025
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Folder Message Count and Size report.
XSS
Stored XSS in Exchange Reporter Plus Mails Deleted/Moved Report
CVE-2025-7429
7.3 - High
- November 11, 2025
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Mails Deleted or Moved report.
XSS
Zoho ManageEngine Exchange Reporter Plus XSS in Reports Module (CVE-2025-5347)
CVE-2025-5347
6.3 - Medium
- October 30, 2025
Zohocorp ManageEngine Exchange Reporter Plus versions before 5723 are vulnerable to Stored Cross Site Scripting in the reports module.
XSS
Stored XSS in ManageEngine Exchange Reporter Plus Instant Search
CVE-2025-5343
6.3 - Medium
- October 30, 2025
Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to Stored Cross Site Scripting in the Instant Search option.
XSS
ManageEngine Exchange Reporter Plus ReDOS in Search Module
CVE-2025-5342
4.3 - Medium
- October 30, 2025
Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability in the search module.
Resource Exhaustion
RCE in Content Search of ManageEngine Exchange Reporter Plus (v<=5721)
CVE-2025-3835
- June 09, 2025
Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module.
SQL Injection in ManageEngine Exchange Reporter Plus Reports
CVE-2024-9459
8.8 - High
- November 05, 2024
Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module.
SQL Injection
SQL Injection in Zohocorp ME Exchange Reporter Plus 5715
CVE-2024-6204
8.1 - High
- August 30, 2024
Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module.
SQL Injection
Auth SQLi in ManageEngine Exchange Reporter Plus Reports Module
CVE-2024-38871
8.8 - High
- July 26, 2024
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module.
SQL Injection
ManageEngine ERP Monitoring Module SQLi Vulnerability
CVE-2024-38872
8.8 - High
- July 26, 2024
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module.
SQL Injection
Zoho ManageEngine Exchange Reporter Plus SQLi via Report Export
CVE-2024-21775
8.8 - High
- February 16, 2024
Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature.
SQL Injection
Info Disclosure in ManageEngine via Exposed Encryption Keys (CVE-2023-6105)
CVE-2023-6105
5.5 - Medium
- November 15, 2023
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.
ManageEngine Suite 2FA Bypass via TOTP Auth
CVE-2023-35785
8.1 - High
- August 28, 2023
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability.
authentification
Zoho MngtEngine Exchange Reporter Plus XXE Vulnerability
CVE-2023-22624
7.5 - High
- January 17, 2023
Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks.
XXE
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131
CVE-2022-29457
8.8 - High
- April 18, 2022
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
Insufficiently Protected Credentials
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Zoho Corp Manageengine Exchange Reporter Plus or by Zoho Corp? Click the Watch button to subscribe.
