Volerion logoVolerion
Volerion logoVolerion

ManageEngine Exchange Reporter Plus Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in ManageEngine Exchange Reporter Plus, affecting versions prior to 5802. The issue resides in the 'Mails Exchanged Between Users' report, within the Reports module. This vulnerability allows authenticated attackers with Exchange administrative privileges to inject and execute malicious scripts. Exploitation could enable these attackers to perform actions within Exchange Reporter Plus, based on the privileges of the user who accesses the compromised report.

Impact

Exploitation of this vulnerability could allow an authenticated attacker with Exchange administrative rights to inject and execute malicious scripts, potentially leading to unauthorized actions within Exchange Reporter Plus, depending on the privileges of the user accessing the affected report.

Remediation

Users can update to Exchange Reporter Plus version 5802 or later. Instructions for downloading the latest version are available on the ManageEngine Exchange Reporter Plus website.

Added: Apr 3, 2026, 12:19 PM
Updated: Apr 3, 2026, 12:19 PM

Vulnerability Rating

Custom Algorithm
spread
2.6
impact
5.4
exploitability
2.8
remediation
7.7
relevance
5.2
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.