Aggregates CVE and security vulnerability intelligence across all Zoho-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk csrf, vendor risk memory corruption, and vendor risk buffer overflow and related problems; some flaws may lead to vendor impact memory corruption and vendor impact application crash.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-27655 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on Mailboxes report. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 7.3 | 0.02% | 2026-04-03 | 2026-04-03 |
| CVE-2026-4108 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Permission report. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 7.3 | 0.03% | 2026-04-03 | 2026-04-03 |
| CVE-2026-4107 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 7.3 | 0.03% | 2026-04-03 | 2026-04-03 |
| CVE-2026-3880 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 7.3 | 0.02% | 2026-04-03 | 2026-04-03 |
| CVE-2026-3879 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Equipment Mailbox Details report. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 7.3 | 0.03% | 2026-04-03 | 2026-04-03 |
| CVE-2026-28703 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Between Users report. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 7.3 | 0.03% | 2026-04-03 | 2026-04-03 |
| CVE-2026-28756 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 7.3 | 0.02% | 2026-04-03 | 2026-04-03 |
| CVE-2026-28754 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Distribution Lists report. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 7.3 | 0.03% | 2026-04-03 | 2026-04-03 |
| CVE-2025-9435 | Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module | 0fc0942c-577d-436f-ae8e-945763c79b02 | 5.5 | 0.02% | 2026-01-13 | 2026-01-29 |
| CVE-2025-11669 | Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 8.1 | 0.01% | 2026-01-13 | 2026-02-02 |
| CVE-2025-11250 | Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 9.1 | 0.09% | 2026-01-13 | 2026-01-29 |
| CVE-2025-9787 | Zohocorp ManageEngine Applications Manager versions 177400 and below are vulnerable to Stored Cross-Site Scripting vulnerability in the NOC view. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 6.1 | 0.16% | 2025-12-18 | 2026-01-29 |
| CVE-2025-11670 | Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerable to NTLM Hash Exposure. This vulnerability is exploitable only by technicians who have the “Impersonate as Admin” option enabled. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 6.4 | 0.03% | 2025-12-15 | 2025-12-18 |
| CVE-2025-7633 | Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 7.3 | 0.03% | 2025-11-11 | 2025-11-24 |
| CVE-2025-7632 | Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 7.3 | 0.03% | 2025-11-11 | 2025-11-21 |
| CVE-2025-7430 | Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Folder Message Count and Size report. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 7.3 | 0.03% | 2025-11-11 | 2025-11-21 |
| CVE-2025-7429 | Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Mails Deleted or Moved report. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 7.3 | 0.03% | 2025-11-11 | 2025-11-21 |
| CVE-2025-5347 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5723 are vulnerable to Stored Cross Site Scripting in the reports module. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 6.3 | 0.05% | 2025-10-30 | 2025-11-07 |
| CVE-2025-5343 | Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to Stored Cross Site Scripting in the Instant Search option. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 6.3 | 0.05% | 2025-10-30 | 2025-11-07 |
| CVE-2025-5342 | Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability in the search module. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 4.3 | 0.38% | 2025-10-30 | 2025-11-07 |