Ngockhanhc311

**Name of the Vulnerable Software and Affected Versions** ManageEngine Applications Manager versions 176600 and prior **Description** ManageEngine Applications Manager is susceptible to a stored cross-site scripting issue within the File/Directory monitor. This allows for malicious script injection, potentially compromising system security. **Recommendations** ManageEngine Applications Manager versions prior to 176600 should be updated.

Name of the Vulnerable Software and Affected Versions: ManageEngine Exchange Reporter Plus versions 5722 and earlier Description: The issue concerns a Stored XSS in the report for emails read by folder with subject. This affects the specified versions of ManageEngine Exchange Reporter Plus, allowing for potential exploitation. Recommendations: For versions 5722 and earlier, as a temporary workaround, consider restricting access to the report feature for emails read by folder with subject until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ManageEngine Exchange Reporter Plus versions 5722 and below Description: The issue concerns a Stored XSS in the Attachments by filename keyword report. This affects the management of attachments based on filename keywords, potentially allowing malicious scripts to be stored and executed. Recommendations: For versions 5722 and below, consider disabling the report feature for attachments by filename keyword until a fix is available. Restrict access to the attachments report module to minimize the risk of exploitation. Avoid using the filename keyword feature in the affected report until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior **Description** The issue concerns remote code execution in the Content Search module. It is related to the CWE-434 Unrestricted Upload of File with Dangerous Type. Remote code execution is possible, allowing attackers to execute malicious code on the affected system. **Recommendations** For versions 5721 and prior, update to a version later than 5721 to resolve the issue. As a temporary workaround, consider disabling the Content Search module until a patch is available. Restrict access to the Content Search module to minimize the risk of exploitation.