Security Advisory

ManageEngine (Exchange Reporter Plus, Exchange Reporter Plus, and others) Family April 2026 Security Update Advisory

  • Apr 09 2026
ManageEngine (Exchange Reporter Plus, Exchange Reporter Plus, and others) Family April 2026 Security Update Advisory

overview

Zoho(https://www.zohocorp.com/) has released a security update that addresses a vulnerability in its ManageEngine suite of products. users of affected products are advised to update to the latest version.

affected products

Exchange Reporter Plus builds 5801 and earlier

resolved Vulnerabilities

High Impact Cross-Site Scripting (XSS) vulnerability in Exchange Reporter Plus (CVE-2026-3880) [1] [2

High Impact Cross Site Scripting (XSS) Vulnerability in Exchange Reporter Plus (CVE-2026-4107) [2]

High Impact Cross-Site Scripting (XSS) Vulnerability in Exchange Reporter Plus (CVE-2026-4108) [3] [4

High Impact Cross-Site Scripting (XSS) Vulnerability in Exchange Reporter Plus (CVE-2026-28703) [4] [5

High Impact Cross-Site Scripting (XSS) Vulnerability in Exchange Reporter Plus (CVE-2026-27655) [5] [6

High Impact Cross-Site Scripting (XSS) Vulnerability in Exchange Reporter Plus (CVE-2026-3879) [6] [7

High Impact Cross-Site Scripting (XSS) Vulnerability in Exchange Reporter Plus (CVE-2026-28754) [7] [8

High Impact Cross-Site Scripting (XSS) Vulnerability in Exchange Reporter Plus (CVE-2026-28756) [8]

vulnerability patches

Please follow the security advisory published on April 03, 2014 and update to the latest version.

Exchange Reporter Plus version 5802

reference site

[1] CVE-2026-3880 – Stored XSS Vulnerability

https://www.manageengine.com/products/exchange-reports/advisory/CVE-2026-3880.html

[2] CVE-2026-4107 – Stored XSS Vulnerability

https://www.manageengine.com/products/exchange-reports/advisory/CVE-2026-4107.html

[3] CVE-2026-4108 – Stored XSS Vulnerability

https://www.manageengine.com/products/exchange-reports/advisory/CVE-2026-4108.html

[4] CVE-2026-28703 – Stored XSS Vulnerability

https://www.manageengine.com/products/exchange-reports/advisory/CVE-2026-28703.html

[5] CVE-2026-27655 – Stored XSS Vulnerability

https://www.manageengine.com/products/exchange-reports/advisory/CVE-2026-27655.html

[6] CVE-2026-3879 – Stored XSS Vulnerability

https://www.manageengine.com/products/exchange-reports/advisory/CVE-2026-3879.html

[7] CVE-2026-28754 – Stored XSS Vulnerability

https://www.manageengine.com/products/exchange-reports/advisory/CVE-2026-28754.html

[8] CVE-2026-28756 – Stored XSS Vulnerability

https://www.manageengine.com/products/exchange-reports/advisory/CVE-2026-28756.html

Tags:
Previous Post

Next Post