Volerion logoVolerion
Volerion logoVolerion

ManageEngine Exchange Reporter Plus Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in ManageEngine Exchange Reporter Plus, affecting versions prior to 5802. The issue resides within the Distribution Lists report, where an authenticated attacker with Exchange administrative privileges could inject and execute malicious scripts. This exploitation would allow the attacker to perform actions within Exchange Reporter Plus based on the privileges of the user accessing the compromised report.

Impact

Exploitation of this vulnerability could enable an authenticated attacker to inject and execute malicious scripts, potentially leading to unauthorized actions within Exchange Reporter Plus, based on the privileges of the user who accesses the affected report.

Remediation

Users can update to Exchange Reporter Plus version 5802 or later. Instructions for downloading the latest version are available on the ManageEngine Exchange Reporter Plus website.

Added: Apr 3, 2026, 11:19 AM
Updated: Apr 3, 2026, 11:19 AM

Vulnerability Rating

Custom Algorithm
spread
2.6
impact
5.4
exploitability
2.8
remediation
7.7
relevance
5.2
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.