CVE-2025-5366

CWE-79 โ€” Cross-site Scripting (XSS)CWE-3454 documents4 sources
Severity
8.1HIGH
EPSS
2.3%
top 15.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Zohocorp Manageengine Exchange Reporter PlusManageengine Exchange Reporter Plus
Timeline
PublishedJun 26

Description

Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Folder-wise read mails with subject report.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

๐Ÿ”ดVulnerability Details

2
CVEList
Stored XSSโ†—2025-06-26
โ–ถ
GHSA
GHSA-v9g4-3543-gvvh: Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Folder-wise read mails with subject reportโ†—2025-06-26
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Microsoft
Openvswitch don't match packets on nd_target fieldโ†—2023-10-10
โ–ถ
CVE-2025-5366 (HIGH CVSS 8.1) | Zohocorp ManageEngine Exchange repo | cvebase.io