CVE-2025-5347

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.0%
top 91.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zohocorp Manageengine Exchange Reporter Plus
Timeline
PublishedOct 30

Description

Zohocorp ManageEngine Exchange Reporter Plus versions before 5723 are vulnerable to Stored Cross Site Scripting in the reports module.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:NExploitability: 2.1 | Impact: 4.2

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
Stored XSS2025-10-30
GHSA
GHSA-2cf6-j6g5-qmwq: Zohocorp ManageEngine Exchange Reporter Plus versions before 5723 are vulnerable to Stored Cross Site Scripting in the reports module2025-10-30
CVE-2025-5347 (MEDIUM CVSS 5.4) | Zohocorp ManageEngine Exchange Repo | cvebase.io