EUVD-2026-18625

| CVE-2026-4107 HIGH
2026-04-03 Zohocorp GHSA-h96r-c882-j4mv
7.3
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

3
Analysis Generated
Apr 03, 2026 - 12:00 vuln.today
EUVD ID Assigned
Apr 03, 2026 - 12:00 euvd
EUVD-2026-18625
CVE Published
Apr 03, 2026 - 11:44 nvd
HIGH 7.3

Tags

XSS Microsoft

Description

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report.

Analysis

Stored cross-site scripting in ManageEngine Exchange Reporter Plus before version 5802 allows authenticated attackers to inject malicious scripts via the Folder Message Count and Size report. With CVSS 7.3 (High severity) and requiring low-privilege authentication with user interaction, successful exploitation enables session hijacking and credential theft within the administrative interface. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Inventory all ManageEngine Exchange Reporter Plus instances and confirm current versions. Within 7 days: Upgrade all instances to version 5802 or later when released by vendor; until then, restrict report access to trusted administrators and disable the Folder Message Count and Size report functionality if possible. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

37
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +36
POC: 0

Share

EUVD-2026-18625 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy