EUVD-2026-18617

| CVE-2026-28703 HIGH
2026-04-03 Zohocorp
7.3
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

3
Analysis Generated
Apr 03, 2026 - 12:00 vuln.today
EUVD ID Assigned
Apr 03, 2026 - 12:00 euvd
EUVD-2026-18617
CVE Published
Apr 03, 2026 - 11:29 nvd
HIGH 7.3

Tags

XSS Microsoft

Description

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Between Users report.

Analysis

Stored cross-site scripting (XSS) in ManageEngine Exchange Reporter Plus before version 5802 allows authenticated attackers to inject malicious scripts into the 'Mails Exchanged Between Users' report. With CVSS 7.3 (High severity) and low attack complexity (AC:L), this vulnerability requires low-privilege authentication (PR:L) and user interaction (UI:R) to achieve high confidentiality and integrity impact. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Inventory all ManageEngine Exchange Reporter Plus installations and confirm current versions; restrict report access to administrative users only pending mitigation. Within 7 days: Upgrade all instances to version 5802 or later; test functionality post-upgrade. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

37
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +36
POC: 0

Share

EUVD-2026-18617 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy