23 matches found
CVE-2026-28703
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Between Users report...
CVE-2026-4108
CVE-2026-4108 affects Zohocorp ManageEngine Exchange Reporter Plus pre-5802. The issue is a stored XSS vulnerability within the Non-Owner Mailbox Permission report, allowing an attacker to inject script when a report is generated or viewed that processes user-supplied input. Based on the availabl...
PT-2026-30027
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report...
CVE-2025-7633 Stored XSS
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report...
EUVD-2025-17446
Malicious code in bioql PyPI...
ManageEngine Exchange Reporter Plus RCE
The version of ManageEngine Exchange Reporter Plus on the Host is prior to 5722. It is, therefore, affected by an RCE Vulnerability where Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module. Note that Nessus has...
ManageEngine Exchange Reporter Plus Multiple Vulnerabilities
The version of ManageEngine Exchange Reporter Plus on the host is prior to 5723. It is, therefore, affected by multiple XSS vulnerabilities - Zohocorp ManageEngine Exchange Reporter Plus version 5722 and below are vulnerable to Stored XSS in the Attachments by filename keyword report. CVE-2025-59...
CVE-2025-3835
Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module...
CVE-2025-3835
Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module...
CVE-2025-3835 Remote Code Execution
Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module...
CVE-2024-9459
Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module...
CVE-2024-6204
Product affected: Zohocorp ManageEngine Exchange Reporter Plus. Vulnerability: SQL Injection in the reports module. Affected versions: before 5715. Root cause / details: SQL injection vulnerability in the reports module (no further technical specifics provided in the cited documents). Impact (as ...
CVE-2024-6204 SQL injection
Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module...
CVE-2024-38872
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module...
CVE-2024-38872
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module...
CVE-2024-38872 SQL Injection
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module...
PT-2024-5296
Name of the Vulnerable Software and Affected Versions Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below Description The issue is related to the monitoring module of Zohocorp ManageEngine Exchange Reporter Plus, where the software fails to properly protect the SQL query structur...
CVE-2024-21775 SQL Injection
Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature...
CVE-2024-21775 SQL Injection
Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature...
PT-2023-18594 · Zoho · Zoho Manageengine Exchange Reporter Plus
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Exchange Reporter Plus versions prior to 5708 Description: The issue allows attackers to conduct XXE XML External Entity attacks. This type of attack occurs when an application parses XML input that contains malicious extern...