PT-2025-26957 · ManageEngine · Zoho ManageEngine Exchange Reporter Plus
Ngockhanhc311 · Published 2025-06-26 · Updated 2025-07-01 · CVE-2025-5966
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
ManageEngine Exchange Reporter Plus versions 5722 and below
Description:
The issue is a stored cross-site scripting (XSS) vulnerability in the "Attachments by filename keyword" report. It affects how the report handles attachments matched by filename keywords, potentially allowing malicious scripts to be stored and executed.
Recommendations:
For versions 5722 and below, consider disabling the "Attachments by filename keyword" report until a fix is available. Restrict access to the attachments report module to minimize the risk of exploitation. Avoid using the filename keyword feature in the affected report until the issue is resolved.
Fix
XSS
Affected Products
Zoho ManageEngine Exchange Reporter Plus