Primary

Context

ManageEngine Exchange Reporter Plus Stored Cross-Site Scripting Vulnerability

Vulnerability

Patched

A stored cross-site scripting vulnerability has been identified in ManageEngine Exchange Reporter Plus, affecting versions prior to 5802. The issue resides in the 'Permissions Based on Mailboxes' report, within the Reports module. This vulnerability allows authenticated attackers with Exchange administrative privileges to inject and execute malicious scripts. Exploitation could enable these attackers to perform actions within Exchange Reporter Plus, leveraging the privileges of the user who accesses the compromised report.

Impact

Successful exploitation allows for the injection and execution of malicious scripts, potentially leading to unauthorized actions within Exchange Reporter Plus, based on the privileges of the affected user.

Remediation

Users can update to Exchange Reporter Plus version 5802 or later. Instructions for downloading the latest version are available on the ManageEngine Exchange Reporter Plus website.

Added: Apr 3, 2026, 1:19 PM

Updated: Apr 3, 2026, 1:19 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

5.4

exploitability

2.8

remediation

7.7

relevance

5.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

5.4

exploitability

2.8

remediation

7.7

relevance

5.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ManageEngine Exchange Reporter Plus Stored Cross-Site Scripting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

ManageEngine Exchange Reporter Plus

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating