Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Between Users report
The ManageEngine Exchange Reporter Plus has a stored cross-site scripting (XSS) vulnerability in the Mails Exchanged Between Users report. This allows an attacker to inject malicious code, potentially leading to unauthorized access or data theft. Developers should prioritize fixing this issue to prevent attacks.
Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Between Users report.
Users of ManageEngine Exchange Reporter Plus versions before 5802 are at high risk of stored XSS attacks, which could lead to data theft or unauthorized access.
Remediation Recommended
This vulnerability carries significant risk. Schedule patching in your next cycle.
What should I do?
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| zohocorp | manageengine_exchange_reporter_plus | 5.8 | - |
| zohocorp | manageengine_exchange_reporter_plus | - |
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
4
Affected Products
1
References
zohocorp / manageengine_exchange_reporter_plus
| - |
| zohocorp | manageengine_exchange_reporter_plus | - | - |
| zohocorp | manageengine_exchange_reporter_plus | - | - |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Exploitability
Impact