Zohocorp: Security Vulnerabilities
Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations.
CVSS Score
9.1
EPSS Score
0.001
Published
2026-01-13
Zohocorp ManageEngine Applications Manager versions 177400 and below are vulnerable to Stored Cross-Site Scripting vulnerability in the NOC view.
CVSS Score
6.1
EPSS Score
0.004
Published
2025-12-18
Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerable to NTLM Hash Exposure.
This vulnerability is exploitable only by technicians who have the “Impersonate as Admin” option enabled.
CVSS Score
6.4
EPSS Score
0.0
Published
2025-12-15
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Folder Message Count and Size report.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-11-11
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-11-11
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-11-11
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Mails Deleted or Moved report.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-11-11
Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability in the search module.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-10-30
Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to Stored Cross Site Scripting in the Instant Search option.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-10-30
Zohocorp ManageEngine Exchange Reporter Plus versions before 5723 are vulnerable to Stored Cross Site Scripting in the reports module.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-10-30