PT-2026-30026 · Manageengine · Exchange Reporter Plus
C311
·
Published
2026-04-03
·
Updated
2026-04-03
·
CVE-2026-3879
CVSS v3.1
7.3
High
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
ManageEngine Exchange Reporter Plus versions prior to 5802
Description
ManageEngine Exchange Reporter Plus versions before 5802 are susceptible to Stored Cross-Site Scripting (XSS) in the Equipment Mailbox Details report. This allows for the injection of malicious scripts that can be executed in the context of other users' browsers.
Recommendations
Update ManageEngine Exchange Reporter Plus to version 5802 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Exchange Reporter Plus