Exchange Reporter Plus
by Manageengine
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-3835 | Cri | 0.63 | 9.6 | 0.02 | Jun 9, 2025 | Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module. | ||
| CVE-2024-9459 | Hig | 0.54 | 8.3 | 0.02 | Nov 5, 2024 | Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module. | ||
| CVE-2024-6204 | Hig | 0.54 | 8.3 | 0.02 | Aug 30, 2024 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module. | ||
| CVE-2024-38872 | Hig | 0.54 | 8.3 | 0.03 | Jul 26, 2024 | Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module. | ||
| CVE-2024-38871 | Hig | 0.54 | 8.3 | 0.03 | Jul 26, 2024 | Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module. | ||
| CVE-2024-21775 | Hig | 0.54 | 8.3 | 0.05 | Feb 16, 2024 | Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature. | ||
| CVE-2025-5966 | Hig | 0.53 | 8.1 | 0.01 | Jun 26, 2025 | Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Attachments by filename keyword report. | ||
| CVE-2025-5366 | Hig | 0.53 | 8.1 | 0.01 | Jun 26, 2025 | Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Folder-wise read mails with subject report. | ||
| CVE-2025-5343 | 0.00 | — | 0.00 | Oct 30, 2025 | Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to Stored Cross Site Scripting in the Instant Search option. |
- risk 0.63cvss 9.6epss 0.02
Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module.
- risk 0.54cvss 8.3epss 0.02
Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module.
- risk 0.54cvss 8.3epss 0.02
Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module.
- risk 0.54cvss 8.3epss 0.03
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module.
- risk 0.54cvss 8.3epss 0.03
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module.
- risk 0.54cvss 8.3epss 0.05
Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature.
- risk 0.53cvss 8.1epss 0.01
Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Attachments by filename keyword report.
- risk 0.53cvss 8.1epss 0.01
Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Folder-wise read mails with subject report.
- CVE-2025-5343Oct 30, 2025risk 0.00cvss —epss 0.00
Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to Stored Cross Site Scripting in the Instant Search option.