Zoho ManageEngine Exchange Reporter Plus is a web-based analysis, monitoring, and change auditing solution for your Exchange servers. It offers comprehensive reports, real-time alerts, and a convenient dashboard to help manage the day-to-day operations of the servers. Moreover, it helps in meeting compliance requirements, preventing threats and efficiently troubleshooting the system.

Zoho ManageEngine Exchange Reporter Plus

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Distribution Lists report.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-4107	MEDIUM	5.4	Zoho ManageEngine Exchange Reporter Plus	cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus	No	Yes	Apr 03, 2026
CVE-2026-27655	MEDIUM	4.8	Zoho ManageEngine Exchange Reporter Plus	cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus	No	Yes	Apr 03, 2026
CVE-2026-4108	MEDIUM	4.8	Zoho ManageEngine Exchange Reporter Plus	cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus	No	Yes	Apr 03, 2026
CVE-2026-3880	MEDIUM	4.8	Zoho ManageEngine Exchange Reporter Plus	cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus	No	Yes	Apr 03, 2026
CVE-2026-3879	MEDIUM	4.8	Zoho ManageEngine Exchange Reporter Plus	cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus	No	Yes	Apr 03, 2026

CVE-2026-28754:
Zoho ManageEngine Exchange Reporter Plus vulnerability analysis and mitigation

4.8

Related Zoho ManageEngine Exchange Reporter Plus vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2026-28754: Zoho ManageEngine Exchange Reporter Plus vulnerability analysis and mitigation