Skip to main content

Manageengine Exchange Reporter Plus CVE-2025-5966

| EUVDEUVD-2025-28698 HIGH
Cross-site Scripting (XSS) (CWE-79)
2025-06-26 0fc0942c-577d-436f-ae8e-945763c79b02
8.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 15, 2026 - 23:54 euvd
EUVD-2025-28698
Analysis Generated
Mar 15, 2026 - 23:54 vuln.today
CVE Published
Jun 26, 2025 - 13:15 nvd
HIGH 8.1

DescriptionCVE.org

Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Attachments by filename keyword report.

Analysis

Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Attachments by filename keyword report.

Technical ContextAI

Cross-site scripting (XSS) allows injection of client-side scripts into web pages viewed by other users due to insufficient output encoding.

RemediationAI

Encode all user-supplied output contextually (HTML, JS, URL). Implement Content Security Policy (CSP) headers. Use HTTPOnly and Secure cookie flags.

CVE-2022-29457 HIGH POC
8.8 Apr 18

Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131

CVE-2025-3835 CRITICAL
9.6 Jun 09

Critical remote code execution vulnerability in Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior, ex

CVE-2020-24786 CRITICAL
9.8 Aug 31

An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number

CVE-2023-6105 MEDIUM POC
5.5 Nov 15

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys bein

CVE-2024-9459 HIGH
8.8 Nov 05

Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in re

CVE-2024-38872 HIGH
8.8 Jul 26

Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection i

CVE-2024-38871 HIGH
8.8 Jul 26

Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection i

CVE-2024-21775 HIGH
8.8 Feb 16

Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in re

CVE-2025-5366 HIGH
8.1 Jun 26

Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Folder-wise read

CVE-2024-6204 HIGH
8.1 Aug 30

Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module.

CVE-2023-35785 HIGH
8.1 Aug 28

Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and bel

CVE-2023-22624 HIGH
7.5 Jan 17

Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks. Rated high severity (CVSS

Share

CVE-2025-5966 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy