CVE-2025-7429

CVSS v2.0

8.5

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions ManageEngine Exchange Reporter Plus versions 5723 and below

Description The software is susceptible to a Stored Cross-Site Scripting (XSS) issue present in the Mails Deleted or Moved report. This allows for the injection of malicious scripts that can be stored on the target server and executed in the context of other users’ browsers.

Recommendations Update ManageEngine Exchange Reporter Plus to a version higher than 5723.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2026-00237

CVE-2025-7429

Affected Products

Exchange Reporter Plus

CVE-2025-7429

Weakness Enumeration

Related Identifiers

Affected Products

References · 9