CVE-2025-5966

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
8.1HIGH
EPSS
2.3%
top 15.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Zohocorp Manageengine Exchange Reporter PlusManageengine Exchange Reporter Plus
Timeline
PublishedJun 26

Description

Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Attachments by filename keyword report.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-rpjg-wf34-j7pf: Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Attachments by filename keyword report2025-06-26
CVEList
Stored XSS2025-06-26
CVE-2025-5966 (HIGH CVSS 8.1) | Zohocorp ManageEngine Exchange repo | cvebase.io