Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on Mailboxes report
The Zohocorp ManageEngine Exchange Reporter Plus has a stored cross-site scripting (XSS) vulnerability in the Permissions Based on Mailboxes report. This allows an attacker to inject malicious code into the report, which can be executed when a user views the report, potentially leading to data theft and system compromise. This vulnerability can be exploited by an attacker with network access.
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on Mailboxes report.
Users of ManageEngine Exchange Reporter Plus versions before 5802 are at high risk of having their data compromised due to the stored XSS vulnerability in the Permissions Based on Mailboxes report.
Remediation Recommended
This vulnerability carries significant risk. Schedule patching in your next cycle.
What should I do?
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| zohocorp | manageengine_exchange_reporter_plus | 5.8 | - |
| zohocorp | manageengine_exchange_reporter_plus | - |
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
4
Affected Products
1
References
zohocorp / manageengine_exchange_reporter_plus
| - |
| zohocorp | manageengine_exchange_reporter_plus | - | - |
| zohocorp | manageengine_exchange_reporter_plus | - | - |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Exploitability
Impact